| |
| |||||||
Log-Analyse und Auswertung: Links über Skype und Mails werden verschickt - aber nicht von mirWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.09.2015, 11:04
| #1 |
| |  Links über Skype und Mails werden verschickt - aber nicht von mir Hallo ich habe ein Problem. Seit einiger Zeit tauchen in meinem Mail-Eingang immer wieder Mails auf in denen steht, dass irgendwelche Nachrichten nicht zugestellt werden konnten. Diese Nachrichten habe ich aber nicht geschrieben. Die sind meistens mitten in der Nacht wann ich gar nicht online bin. Vor ein paar Tagen hat Skype jetzt irgendwelche Links an meine Kontakte verschickt. Ein Freund meinte, dass ich wohl einen Virus habe. Habe Norton schon laufen lassen, aber das hat wie üblich nur ein paar Tracking Cookies gefunden und entfernt. Kann mir jemand helfen? Schon mal vielen Dank und schöne Grüße Hier die Logfiles Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:25 on 10/09/2015 (Martin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
durchgeführt von Martin (Administrator) auf MARTIN-LAPTOP (10-09-2015 11:26:06)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: UpdatusUser & Martin (Verfügbare Profile: UpdatusUser & Martin)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] (Atheros Communications)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\Run: [Dropbox Update] => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk [2014-07-21]
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk [2015-07-04]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{08FE31C7-FE0C-474C-9C6C-CCC50F44AABB}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B9F03622-55EC-4EE5-81B5-0FB25A5E26C1}: [DhcpNameServer] 30.50.1.1 30.50.1.2
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2CEmL6rtoxP0wNxDbf25PZ9zIrDaSwUP_c91DF6eVHWJFMa8z7Pmrq9gxjmKDOmw
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2CEmL6rtoxP0wNxDbf25PZ9zIrDaSwUP_c91DF6eVHWJFMa8z7Pmrq9gxjmKDOmw
HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t.asus13.de.msn.com/?pc=asu2js&ocid=asudhp
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-04-24] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL Keine Datei
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM - Kein Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - Keine Datei
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Kein Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - Keine Datei
Toolbar: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2q61wmip.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [557056 2015-06-16] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69392 2013-08-08] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [36112 2015-03-23] (REINER SCT)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150909.001\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.016\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.016\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
S3 scvad_simple; C:\Windows\system32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows (R) Win 7 DDK provider)
S3 splitcam_hd_driver; C:\Windows\system32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows (R) Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-10 11:26 - 2015-09-10 11:26 - 00030614 _____ C:\Users\Martin\Desktop\FRST.txt
2015-09-10 11:25 - 2015-09-10 11:25 - 00000474 _____ C:\Users\Martin\Desktop\defogger_disable.log
2015-09-10 10:30 - 2015-09-10 11:26 - 00000000 ____D C:\FRST
2015-09-10 10:29 - 2015-09-10 10:29 - 02190336 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2015-09-10 10:26 - 2015-09-10 10:26 - 00050477 _____ C:\Users\Martin\Desktop\Defogger.exe
2015-09-10 10:26 - 2015-09-10 10:26 - 00000000 _____ C:\Users\Martin\defogger_reenable
2015-09-09 22:52 - 2015-09-09 23:49 - 00000000 ____D C:\Users\Martin\AppData\Local\NPE
2015-09-09 13:50 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 13:50 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 13:50 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 13:50 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 13:50 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 13:50 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 13:50 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 13:50 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 13:50 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 13:50 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 13:50 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:50 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:50 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:50 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:50 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:50 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:50 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:50 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:50 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:50 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 13:50 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 13:49 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 13:49 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 13:49 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 13:49 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 13:49 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 13:49 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:49 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:49 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:49 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:49 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:49 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:49 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:49 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:49 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:49 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:49 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:49 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:49 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:49 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:49 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:49 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:49 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:49 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:49 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:49 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:49 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 13:49 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 13:49 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 13:49 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 13:49 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 13:49 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 13:49 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 13:49 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 13:49 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 13:49 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 13:49 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 13:49 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 13:49 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 13:49 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 13:49 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 13:49 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-05 20:39 - 2015-09-05 20:39 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-25 11:36 - 2015-08-25 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-25 11:20 - 2015-08-27 15:42 - 00000000 ____D C:\Users\Martin\Desktop\Blühmischung Haselrain 2015
2015-08-22 14:16 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-22 14:16 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 14:16 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-22 14:16 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-22 14:16 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-22 14:16 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-22 14:16 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-22 14:16 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-22 14:15 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-22 14:15 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-22 14:15 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-08-22 14:15 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-22 14:01 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 14:01 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 13:49 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-22 13:49 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-22 13:49 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-22 13:49 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-22 13:49 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-22 13:49 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-22 13:49 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-22 13:49 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-22 13:49 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-22 13:49 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-22 13:49 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-22 13:49 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 13:48 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-22 13:48 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-22 13:48 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-22 13:48 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-22 13:48 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-22 13:48 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-22 13:48 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-22 13:47 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-22 13:47 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-22 13:47 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-22 13:47 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-22 13:47 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-22 13:47 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-22 13:47 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-22 13:47 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-22 13:47 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-22 13:47 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-22 13:47 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-22 13:47 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-13 12:06 - 2015-08-25 16:43 - 00000000 ____D C:\Users\Martin\Desktop\BA Präsentation
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-10 11:23 - 2015-01-20 21:08 - 01375894 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-10 11:20 - 2014-03-21 17:29 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3515464670-2770779577-3274627398-1002
2015-09-10 11:08 - 2014-03-11 02:05 - 00000074 _____ C:\Users\Martin\AppData\Roaming\sp_data.sys
2015-09-10 11:06 - 2013-08-22 16:46 - 00355141 _____ C:\WINDOWS\setupact.log
2015-09-10 11:06 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-10 11:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-10 10:37 - 2015-07-15 14:26 - 00001256 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA.job
2015-09-10 10:37 - 2015-07-15 14:26 - 00001204 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core.job
2015-09-10 10:26 - 2015-01-20 21:15 - 00000000 ____D C:\Users\Martin
2015-09-10 09:35 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-10 09:35 - 2014-11-21 04:45 - 00773008 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-10 09:35 - 2014-11-21 04:45 - 00162310 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-10 00:53 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-09 23:47 - 2014-03-23 20:18 - 00000000 ____D C:\Program Files (x86)\Scoretec
2015-09-09 23:39 - 2014-11-20 20:24 - 00091630 _____ C:\WINDOWS\PFRO.log
2015-09-09 23:39 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-09 22:53 - 2014-03-21 19:13 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 14:31 - 2013-08-22 16:44 - 00483672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 14:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-09 14:29 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 14:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 14:01 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 13:55 - 2014-04-18 19:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 12:00 - 2015-05-15 12:01 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-09-09 12:00 - 2015-05-15 12:01 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-09-08 19:33 - 2014-07-01 16:17 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-09-08 16:49 - 2014-12-03 19:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-09-07 10:27 - 2015-08-03 17:32 - 00000000 ____D C:\Users\Martin\Desktop\KiBiWo 2015
2015-09-05 20:39 - 2014-07-18 18:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Dropbox
2015-09-05 20:14 - 2013-10-05 22:54 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-09-04 17:49 - 2014-03-11 02:05 - 00000000 ____D C:\Users\Martin\AppData\Local\Packages
2015-09-02 18:27 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Kürbisschilder
2015-09-02 18:12 - 2014-04-27 15:50 - 00011294 _____ C:\Users\Martin\Documents\Verkaufsliste.xlsx
2015-08-29 10:25 - 2014-04-27 15:59 - 00000000 ____D C:\Users\Martin\Desktop\KGR
2015-08-27 16:07 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Agrardieselvergütung
2015-08-27 10:50 - 2014-04-27 15:59 - 00000000 ____D C:\Users\Martin\Desktop\Kinderkirche
2015-08-26 18:37 - 2014-04-18 19:47 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-25 11:36 - 2014-12-03 19:22 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-25 11:36 - 2014-12-03 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-25 11:36 - 2014-12-03 19:21 - 00000000 ____D C:\ProgramData\Skype
2015-08-22 14:05 - 2014-05-20 11:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-22 14:05 - 2014-05-20 11:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-22 14:00 - 2014-05-20 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-22 13:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 13:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 11:44 - 2014-03-21 17:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-20 17:23 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Schnaps Etiketten
2015-08-20 10:28 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Äcker und Wiesen
2015-08-19 19:13 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Dokumentation von Pflanzenschutz
2015-08-14 15:07 - 2014-09-28 10:16 - 00000000 ____D C:\Users\Martin\AppData\Roaming\HpUpdate
2015-08-12 16:42 - 2014-10-24 15:45 - 00000000 ____D C:\Users\Martin\Documents\Semester 6
2015-08-12 12:20 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Telekom Rechnungen
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-04-18 19:36 - 2014-04-18 19:36 - 0000235 _____ () C:\Users\Martin\AppData\Roaming\devices.xml
2014-04-18 19:36 - 2014-04-18 19:36 - 0000012 _____ () C:\Users\Martin\AppData\Roaming\settings.xml
2014-03-11 02:05 - 2015-09-10 11:08 - 0000074 _____ () C:\Users\Martin\AppData\Roaming\sp_data.sys
2015-03-01 16:01 - 2015-03-01 16:01 - 0001461 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2014-09-28 10:14 - 2014-09-28 10:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-03 15:09 - 2015-04-03 15:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-18 18:59 - 2014-07-21 19:54 - 0000955 _____ () C:\ProgramData\hpzinstall.log
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\SetStretch.VBS
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-09 23:34
==================== Ende von FRST.txt ============================
Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-09-2015
durchgeführt von Martin (2015-09-10 11:27:15)
Gestartet von C:\Users\Martin\Desktop
Windows 8.1 (X64) (2015-01-20 19:36:44)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3515464670-2770779577-3274627398-500 - Administrator - Disabled)
Gast (S-1-5-21-3515464670-2770779577-3274627398-501 - Limited - Disabled)
Martin (S-1-5-21-3515464670-2770779577-3274627398-1002 - Administrator - Enabled) => C:\Users\Martin
UpdatusUser (S-1-5-21-3515464670-2770779577-3274627398-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.2 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.5 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.31 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5520.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5520.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
AusweisApp2 (HKLM-x32\...\{1C785E05-CFC7-43BE-9A52-9FB39C180CB8}) (Version: 1.2.2 - Governikus GmbH & Co. KG)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 7.2.0 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\...\Dropbox) (Version: 2.10.2 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
i-port.de Bestellsoftware (HKLM-x32\...\{B4244B8D-0D9C-4EB0-BDF3-03A2060E96A8}}_is1) (Version: 3.5.7.5 - Foto Online Service GmbH)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ACHTUNG
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton 360 Online (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SigmaPlot 13.0 (HKLM-x32\...\{88B90FF3-D0D3-454A-AACE-9B026E2829E3}) (Version: 13.0 - Systat Software, Inc.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster)
Studie zur Verbesserung von HP Officejet Pro 8610 (HKLM\...\{C597CC7C-D465-4761-8516-274F3713FE85}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (07/16/2013 1.0.0.181) (HKLM\...\16D5A24C881B7CEE31FBA6DD5EC1C194C188F85A) (Version: 07/16/2013 1.0.0.181 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
17-07-2015 19:48:17 Windows Update
25-07-2015 09:11:27 Windows Update
02-08-2015 16:32:20 Norton 360 Registry Clean
08-08-2015 10:31:12 Windows Update
22-08-2015 13:49:43 Windows Update
09-09-2015 13:50:19 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0D131646-A5B6-454C-971A-882CE4E00C8B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {158C4F9B-4D7F-4FDD-A95C-A76B7DA42A43} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {40A7D62C-5CB7-4581-A718-7946C23281FE} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {414353C2-75C7-4589-95DA-2201D2EC6CCA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {41FDFD20-DC8E-4263-B96A-A033ADF904D2} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {4609E992-5058-4FE5-BC46-C59781E3FAAC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {476214CB-C268-4E55-A39D-951D6F185618} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {506915FB-00F1-4FB3-865E-FA1BD37788FC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {5EEFCB2D-EC58-446D-BBBD-9EE76B731A5C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-08-08] (AsusTek)
Task: {7298831A-986B-4569-ABD0-31A22A5EB3BD} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {7E58A23E-DA0B-496C-A19B-C8CE0D4CF487} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {83016F80-86D4-4FA4-9072-4A48BE46F1E8} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {8EEBD759-4DA4-4BEF-B46A-FC019794AE32} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {A54C85A3-480F-41E4-AAA9-89F9594A9E53} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {AEC33DD3-D455-42C2-9C40-C60D7AF59A0A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {B619E8E9-7D21-436F-9C7B-85B29F4C2A91} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {BBFD86CC-AEF2-4341-B3CC-0420A8AFEECD} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {BD8526F5-7A39-4C04-BFC2-ACD114C5DB18} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {BEF3F9E0-2977-43D1-A730-07607EA5BE2F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {C2172E41-921E-4DB9-A45A-A91A0D04CAF8} - System32\Tasks\ASUS Vivokey => C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe [2013-08-23] (ASUSTek Computer Inc.)
Task: {C5314E75-AC88-4F4B-BDB6-2D319DEF4932} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11] (Realtek Semiconductor)
Task: {CE0C27F4-2FCB-4224-A851-9BD1D1327D56} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {D257DF6D-57BC-4886-8988-F80E5E861B54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D5EF0318-843C-4AC3-9C2B-21977C825E51} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-11] (Realtek Semiconductor)
Task: {E15AFF17-0D01-4F7D-8A02-9A1DD5BDA2E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {E45FA079-0A84-4A35-864A-BC4CF4234544} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-09] (ASUSTek Computer Inc.)
Task: {EA889F9D-365D-40E3-A424-0D53B3B1F0AA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {EBCE125A-C414-4B68-BA39-3A958F33F225} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F0EAD2AE-6B34-4AD1-909C-B48CF1D887C5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {F2CB4B7A-9D1E-4752-8983-4BE0770C76D7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core.job => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA.job => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-20 21:08 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-23 10:54 - 2013-07-23 10:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-04-18 20:05 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-24 17:09 - 2013-04-24 17:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-24 17:07 - 2013-04-24 17:07 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-24 17:12 - 2013-04-24 17:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-08-19 18:16 - 2013-08-19 18:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 11:03 - 2013-08-16 11:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-05 22:45 - 2013-08-08 14:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\127.0.0.1 -> hxxp://127.0.0.1
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\ASUS\wallpapers\ASUS.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\StartupApproved\Run: => "Dropbox Update"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{751F841B-9D64-4C50-A018-BE9CA092A5D4}] => (Allow) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{950877E4-82DD-4ED7-975E-2A7BB79C2351}] => (Allow) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{85822F7D-18B7-4892-AF89-9B1B4698E078}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{10D9E59D-39F2-455B-90E9-E8BD360101B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3928848A-37F9-4D9C-A6B8-A6A885D8D78E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D2AC0B64-FA96-49B9-AE81-62AD4C0F9175}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{99AB5382-1059-45AC-AAEB-E32736E99DF9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1B753360-4F37-4FE7-91C8-7B951E0BB4DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C96BA0C-C228-4D5D-B2AF-C807599DC021}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C373356-43AD-42B1-A057-257449FA707E}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS5C4C\HPDiagnosticCoreUI.exe
FirewallRules: [{2ACD19DF-50FB-4126-9924-18106E745FD3}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS5C4C\HPDiagnosticCoreUI.exe
FirewallRules: [{A12D5A7A-548C-4D13-9750-5CE1C783ECAF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{B289DC0F-4830-432D-84A4-1A2541B4D1EB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{190175D6-97F1-45CD-87F5-DA52B8783708}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{2B43AB12-80FC-4488-B064-4072CC2ABF09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{B6617DA2-917E-4925-90A9-54EFFAF2C2EC}] => (Allow) LPort=5357
FirewallRules: [{18758A9E-399C-43A6-9BAE-6C5A8651EC9D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{38AB1BD2-8933-4AF1-AE25-F75BD4FAF664}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS68C6\HPDiagnosticCoreUI.exe
FirewallRules: [{5EFF3C30-5418-44BE-B752-DADF66A79672}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS68C6\HPDiagnosticCoreUI.exe
FirewallRules: [{9B209BC0-BE38-43A1-8798-A669D23B7168}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS693C\HPDiagnosticCoreUI.exe
FirewallRules: [{0E1DEA38-16FD-49FF-918F-54608336B1D0}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS693C\HPDiagnosticCoreUI.exe
FirewallRules: [{C99C6943-96E7-41FE-A3C3-721B5CD6B873}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS026A\HPDiagnosticCoreUI.exe
FirewallRules: [{D372B8AC-3B0C-4D7B-BF1C-B93378B8D281}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS026A\HPDiagnosticCoreUI.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.2.2\AusweisApp2.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/09/2015 11:00:12 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.
Error: (09/09/2015 10:59:45 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.
Error: (09/09/2015 02:37:13 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1056, 'StartService', 'Es wird bereits eine Instanz des Dienstes ausgef\xfchrt.')
Error: (09/08/2015 07:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SplitCam.exe, Version: 6.9.4.1, Zeitstempel: 0x541675c3
Name des fehlerhaften Moduls: CLFLVSplitter.ax, Version: 1.0.0.3327, Zeitstempel: 0x4e817ba8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007d16
ID des fehlerhaften Prozesses: 0x1810
Startzeit der fehlerhaften Anwendung: 0xSplitCam.exe0
Pfad der fehlerhaften Anwendung: SplitCam.exe1
Pfad des fehlerhaften Moduls: SplitCam.exe2
Berichtskennung: SplitCam.exe3
Vollständiger Name des fehlerhaften Pakets: SplitCam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SplitCam.exe5
Error: (09/08/2015 04:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17924, Zeitstempel: 0x55959290
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d86e
ID des fehlerhaften Prozesses: 0x2c08
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5
Error: (09/08/2015 04:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17924, Zeitstempel: 0x55959290
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d86e
ID des fehlerhaften Prozesses: 0x2c08
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostex (13304) IndexedDb: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 494) (User: )
Description: taskhostex (13304) IndexedDb: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\Martin\AppData\Local\Microsoft\Internet Explorer\Indexed DB\Internet.edb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.
Error: (09/03/2015 07:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SplitCam.exe, Version: 6.9.4.1, Zeitstempel: 0x541675c3
Name des fehlerhaften Moduls: CLFLVSplitter.ax, Version: 1.0.0.3327, Zeitstempel: 0x4e817ba8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007d16
ID des fehlerhaften Prozesses: 0xea0
Startzeit der fehlerhaften Anwendung: 0xSplitCam.exe0
Pfad der fehlerhaften Anwendung: SplitCam.exe1
Pfad des fehlerhaften Moduls: SplitCam.exe2
Berichtskennung: SplitCam.exe3
Vollständiger Name des fehlerhaften Pakets: SplitCam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SplitCam.exe5
Error: (09/02/2015 10:36:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSHost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x545040f3
Name des fehlerhaften Moduls: WinStoreUI.dll, Version: 6.3.9600.17819, Zeitstempel: 0x554636a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000569d9
ID des fehlerhaften Prozesses: 0x790
Startzeit der fehlerhaften Anwendung: 0xWSHost.exe0
Pfad der fehlerhaften Anwendung: WSHost.exe1
Pfad des fehlerhaften Moduls: WSHost.exe2
Berichtskennung: WSHost.exe3
Vollständiger Name des fehlerhaften Pakets: WSHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSHost.exe5
Systemfehler:
=============
Error: (09/10/2015 10:58:52 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (09/10/2015 10:58:52 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (09/10/2015 10:54:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (09/10/2015 10:54:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (09/10/2015 10:43:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (09/10/2015 10:43:47 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.
Error: (09/10/2015 09:15:56 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (09/10/2015 09:15:56 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (09/10/2015 08:53:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (09/10/2015 08:53:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Microsoft Office:
=========================
Error: (09/09/2015 11:00:12 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/09/2015 10:59:45 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/09/2015 02:37:13 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1056, 'StartService', 'Es wird bereits eine Instanz des Dienstes ausgef\xfchrt.')
Error: (09/08/2015 07:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SplitCam.exe6.9.4.1541675c3CLFLVSplitter.ax1.0.0.33274e817ba8c000000500007d16181001d0ea54efef7c30C:\Program Files (x86)\SplitCam\SplitCam.exeC:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLFLVSplitter.axa4989800-564f-11e5-bed5-d850e6a0ba0c
Error: (09/08/2015 04:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.1793655a68e0cc0000005000000000003d86e2c0801d0ea4194dc05d6C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dlld5fd1c75-5634-11e5-bed5-d850e6a0ba0c
Error: (09/08/2015 04:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.1793655a68e0cc0000005000000000003d86e2c0801d0ea4194dc05d6C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dlld31ec67f-5634-11e5-bed5-d850e6a0ba0c
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostex13304IndexedDb: -1216
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 494) (User: )
Description: taskhostex13304IndexedDb: -1216C:\Users\Martin\AppData\Local\Microsoft\Internet Explorer\Indexed DB\Internet.edb
Error: (09/03/2015 07:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SplitCam.exe6.9.4.1541675c3CLFLVSplitter.ax1.0.0.33274e817ba8c000000500007d16ea001d0e66ac8da1adcC:\Program Files (x86)\SplitCam\SplitCam.exeC:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLFLVSplitter.ax5c726c56-525e-11e5-bed5-d850e6a0ba0c
Error: (09/02/2015 10:36:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSHost.exe6.3.9600.17415545040f3WinStoreUI.dll6.3.9600.17819554636a9c000000500000000000569d979001d0e55a774dfb7fC:\WINDOWS\WinStore\WSHost.exeC:\WINDOWS\winstore\WinStoreUI.dllb742a953-514d-11e5-bed5-d850e6a0ba0c
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 8075.21 MB
Verfügbarer physikalischer RAM: 5219.31 MB
Summe virtueller Speicher: 9355.21 MB
Verfügbarer virtueller Speicher: 6637.12 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:372.16 GB) (Free:282.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 57788C0B)
Partition: GPT.
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: D6909034)
Partition: GPT.
==================== Ende von Addition.txt ============================
Gmer Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-10 11:38:56
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 WDC_WD10JPVX-80JC3T0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Martin\AppData\Local\Temp\fxryakow.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffffaf53e10 7 bytes JMP 00008000f9c602d0
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffffaf53e20 7 bytes JMP 00008000f9c60308
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffffb0039b0 7 bytes JMP 00008000f9c603b0
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffffb003ef0 7 bytes JMP 00008000f9c60340
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffffb003fe0 7 bytes JMP 00008000f9c60378
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffffb0306c0 7 bytes JMP 00008000f9c60228
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffffb030730 7 bytes JMP 00008000f9c60298
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffffb030760 7 bytes JMP 00008000f9c60260
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffff9c721d0 5 bytes JMP 00008000f9c60180
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffff9c729d0 7 bytes JMP 00008000f9c600d8
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffff9c74310 5 bytes JMP 00008000f9c60110
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffff9c78d80 5 bytes JMP 00008000f9c60148
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffffa966d90 10 bytes JMP 00008000f9c60490
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffffa9774a0 5 bytes JMP 00008000f9c60458
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffffa977560 1 byte JMP 00008000f9c603e8
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffffa977562 7 bytes {JMP 0xffffffffff2e8e88}
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffffa986b10 5 bytes JMP 00008000f9c60420
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffffc7f1500 8 bytes JMP 00008000f9c601b8
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffffc7f1750 8 bytes JMP 00008000f9c601f0
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffff7527750 5 bytes JMP 00008000f73700d8
.text C:\WINDOWS\system32\dwm.exe[624] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffff7528ee0 5 bytes JMP 00008000f7370110
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [740:772] fffff960009292d0
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
10.09.2015, 11:12
| #2 |
| /// the machine /// TB-Ausbilder    | Links über Skype und Mails werden verschickt - aber nicht von mir hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
10.09.2015, 13:12
| #3 |
| | Links über Skype und Mails werden verschickt - aber nicht von mir Hi schrauber,
__________________erstmal vielen Dank für deine wirklich schnelle Antwort! Ich habe die von dir beschriebenen Schritte durchgeführt. Die mbar.exe hat aber kein Cleanup durchgeführt. Hier poste ich die Logfiles: mbar Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org
Database version:
main: v2015.09.10.05
rootkit: v2015.08.16.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18036
Martin :: MARTIN-LAPTOP [administrator]
10.09.2015 12:44:37
mbar-log-2015-09-10 (12-44-37).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 420439
Time elapsed: 53 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 13:50:48.0226 0x0618 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
13:50:48.0226 0x0618 UEFI system
13:50:52.0570 0x0618 ============================================================
13:50:52.0570 0x0618 Current date / time: 2015/09/10 13:50:52.0570
13:50:52.0570 0x0618 SystemInfo:
13:50:52.0570 0x0618
13:50:52.0570 0x0618 OS Version: 6.3.9600 ServicePack: 0.0
13:50:52.0570 0x0618 Product type: Workstation
13:50:52.0570 0x0618 ComputerName: MARTIN*******
13:50:52.0570 0x0618 UserName: Martin
13:50:52.0570 0x0618 Windows directory: C:\WINDOWS
13:50:52.0570 0x0618 System windows directory: C:\WINDOWS
13:50:52.0570 0x0618 Running under WOW64
13:50:52.0570 0x0618 Processor architecture: Intel x64
13:50:52.0570 0x0618 Number of processors: 4
13:50:52.0570 0x0618 Page size: 0x1000
13:50:52.0570 0x0618 Boot type: Normal boot
13:50:52.0570 0x0618 ============================================================
13:50:52.0788 0x0618 KLMD registered as C:\WINDOWS\system32\drivers\65776336.sys
13:50:53.0195 0x0618 System UUID: {C5836172-D31E-B245-5277-0AEDF6ECFE36}
13:50:54.0460 0x0618 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:50:54.0460 0x0618 Drive \Device\Harddisk1\DR1 - Size: 0x5976F6000 ( 22.37 Gb ), SectorSize: 0x200, Cylinders: 0xB67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:50:54.0460 0x0618 ============================================================
13:50:54.0460 0x0618 \Device\Harddisk0\DR0:
13:50:54.0460 0x0618 GPT partitions:
13:50:54.0460 0x0618 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {22DC5FB0-CDD8-463C-8E41-92E4795A3160}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
13:50:54.0460 0x0618 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BA0B1FE6-FF09-49E1-9D4E-CA9C1DC945D8}, Name: Basic data partition, StartLBA 0x32800, BlocksNum 0x1C2000
13:50:54.0460 0x0618 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D3B80B07-286C-486C-AB90-0399B622B6E8}, Name: Microsoft reserved partition, StartLBA 0x1F4800, BlocksNum 0x40000
13:50:54.0460 0x0618 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4A3F6317-2475-49F5-8F12-E03B00398DE1}, Name: Basic data partition, StartLBA 0x234800, BlocksNum 0x2E853800
13:50:54.0460 0x0618 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E3307A2A-5661-491E-AF8C-D806F551B3D9}, Name: , StartLBA 0x2EA88000, BlocksNum 0xE2000
13:50:54.0460 0x0618 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {19399632-76F5-4E5F-9B5B-6B13C8A1CF4A}, Name: Basic data partition, StartLBA 0x2EB6A000, BlocksNum 0x43397800
13:50:54.0460 0x0618 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A8D87FDF-5C62-44CA-A5A4-E6C3392F240B}, Name: Basic data partition, StartLBA 0x71F01800, BlocksNum 0x2805000
13:50:54.0460 0x0618 MBR partitions:
13:50:54.0460 0x0618 \Device\Harddisk1\DR1:
13:50:54.0476 0x0618 GPT partitions:
13:50:54.0476 0x0618 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {B8CB5058-C187-4719-BAF0-379CA2D4C97E}, UniqueGUID: {4613EE39-4727-4347-8134-173F590F716F}, Name: HFS, StartLBA 0x800, BlocksNum 0x2CBA800
13:50:54.0476 0x0618 MBR partitions:
13:50:54.0476 0x0618 ============================================================
13:50:54.0538 0x0618 C: <-> \Device\Harddisk0\DR0\Partition4
13:50:54.0648 0x0618 D: <-> \Device\Harddisk0\DR0\Partition6
13:50:54.0648 0x0618 ============================================================
13:50:54.0648 0x0618 Initialize success
13:50:54.0648 0x0618 ============================================================
13:52:13.0446 0x1938 ============================================================
13:52:13.0446 0x1938 Scan started
13:52:13.0446 0x1938 Mode: Manual; SigCheck; TDLFS;
13:52:13.0446 0x1938 ============================================================
13:52:13.0446 0x1938 KSN ping started
13:52:15.0915 0x1938 KSN ping finished: true
13:52:18.0524 0x1938 ================ Scan system memory ========================
13:52:18.0524 0x1938 System memory - ok
13:52:18.0524 0x1938 ================ Scan services =============================
13:52:18.0774 0x1938 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
13:52:18.0930 0x1938 1394ohci - ok
13:52:18.0961 0x1938 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
13:52:18.0993 0x1938 3ware - ok
13:52:19.0055 0x1938 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
13:52:19.0133 0x1938 ACPI - ok
13:52:19.0149 0x1938 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
13:52:19.0180 0x1938 acpiex - ok
13:52:19.0211 0x1938 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
13:52:19.0243 0x1938 acpipagr - ok
13:52:19.0290 0x1938 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
13:52:19.0321 0x1938 AcpiPmi - ok
13:52:19.0321 0x1938 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
13:52:19.0352 0x1938 acpitime - ok
13:52:19.0383 0x1938 [ E5568164C070A4988BD79C896920B3C6, A60F0ECEEC5D1E2298C4852803B66B92CE6EF44B9C3387BA6A94339BBE4D6D75 ] acsock C:\WINDOWS\system32\DRIVERS\acsock64.sys
13:52:19.0430 0x1938 acsock - ok
13:52:19.0555 0x1938 [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:52:19.0571 0x1938 AdobeARMservice - ok
13:52:19.0649 0x1938 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
13:52:19.0727 0x1938 ADP80XX - ok
13:52:19.0790 0x1938 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
13:52:20.0024 0x1938 AeLookupSvc - ok
13:52:20.0149 0x1938 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys
13:52:20.0211 0x1938 AFD - ok
13:52:20.0258 0x1938 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
13:52:20.0290 0x1938 agp440 - ok
13:52:20.0336 0x1938 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
13:52:20.0368 0x1938 ahcache - ok
13:52:20.0399 0x1938 [ 16F6F6B7903B913AB41AB848C8BB5658, 7304257048CB42E5274B3F6400F4A053A38E3B70A157662FE9D2B7C5979DE851 ] AiCharger C:\WINDOWS\system32\DRIVERS\AiCharger.sys
13:52:20.0415 0x1938 AiCharger - ok
13:52:20.0446 0x1938 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
13:52:20.0477 0x1938 ALG - ok
13:52:20.0524 0x1938 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
13:52:20.0555 0x1938 AmdK8 - ok
13:52:20.0555 0x1938 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
13:52:20.0586 0x1938 AmdPPM - ok
13:52:20.0618 0x1938 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
13:52:20.0649 0x1938 amdsata - ok
13:52:20.0665 0x1938 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
13:52:20.0711 0x1938 amdsbs - ok
13:52:20.0743 0x1938 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
13:52:20.0774 0x1938 amdxata - ok
13:52:20.0805 0x1938 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
13:52:20.0836 0x1938 AppID - ok
13:52:20.0868 0x1938 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
13:52:20.0899 0x1938 AppIDSvc - ok
13:52:20.0946 0x1938 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll
13:52:21.0336 0x1938 Appinfo - ok
13:52:21.0383 0x1938 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
13:52:22.0165 0x1938 AppReadiness - ok
13:52:22.0399 0x1938 [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
13:52:22.0946 0x1938 AppXSvc - ok
13:52:22.0993 0x1938 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
13:52:23.0024 0x1938 arcsas - ok
13:52:23.0086 0x1938 [ DC2BA6926FA0CDCE273CC9897F05584A, CF35A55511C6241679FDB9D48DC43B61D86D071B974E7A668495E2021098E912 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
13:52:23.0102 0x1938 ASLDRService - ok
13:52:23.0133 0x1938 [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
13:52:23.0149 0x1938 ASMMAP64 - ok
13:52:23.0290 0x1938 [ 6A122B4F0E5293CACFA8A5F2CBA9B356, 9D69076B697BEE8742E32EBEF1802D829DEA6B1D93AF485D11CC89A08CA4D809 ] ASUS InstantOn C:\Program Files\ASUS\P4G\InsOnSrv.exe
13:52:23.0321 0x1938 ASUS InstantOn - ok
13:52:23.0368 0x1938 [ AAE374280DDC307061A43ED9FAD1AD57, BFBE60D67B4283868D148C38502689FFE52CC7F13F4294E21F47B37D14FB5821 ] Asus WebStorage Windows Service C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
13:52:23.0383 0x1938 Asus WebStorage Windows Service - detected UnsignedFile.Multi.Generic ( 1 )
13:52:25.0852 0x1938 Detect skipped due to KSN trusted
13:52:25.0852 0x1938 Asus WebStorage Windows Service - ok
13:52:25.0883 0x1938 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
13:52:25.0915 0x1938 atapi - ok
13:52:25.0946 0x1938 [ 427A6D1397E826B370D025EE73A50E6E, FC8BAB3AA95B55D59B8DF9F97C87D1F3CEAB609A3E6C8BD576F3BF9047C6A120 ] AthBTPort C:\WINDOWS\system32\DRIVERS\btath_flt.sys
13:52:25.0977 0x1938 AthBTPort - ok
13:52:26.0024 0x1938 [ 54D0CDDB72425D42F7B504EE392E9653, 925FC00DC1222ECC8D750E240E8C159CF46F0BDBAADCDB2108892CF2CD91ED79 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
13:52:26.0071 0x1938 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
13:52:28.0555 0x1938 Detect skipped due to KSN trusted
13:52:28.0555 0x1938 AtherosSvc - ok
13:52:28.0837 0x1938 [ A34167BD20D771B8E68F2C41CC85168C, 33E5ACA0D853918E1DE2B9544A6B0B616C09CA92013B1D99C7F48655B1DDB4A9 ] athr C:\WINDOWS\system32\DRIVERS\athw8x.sys
13:52:29.0149 0x1938 athr - ok
13:52:29.0212 0x1938 [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
13:52:29.0227 0x1938 ATKGFNEXSrv - ok
13:52:29.0290 0x1938 [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
13:52:29.0508 0x1938 ATKWMIACPIIO - ok
13:52:29.0524 0x1938 [ A751FA39AEC7DBA5DCE0D64BB0E3E331, F0D7AE1E6EAD2DAC7EA4E37B4AB30E6ACE8F21CE3C49D2D01B854F36E72F77B5 ] ATP C:\WINDOWS\System32\drivers\AsusTP.sys
13:52:29.0555 0x1938 ATP - ok
13:52:29.0602 0x1938 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
13:52:29.0633 0x1938 AudioEndpointBuilder - ok
13:52:29.0712 0x1938 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
13:52:29.0790 0x1938 Audiosrv - ok
13:52:29.0837 0x1938 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
13:52:29.0883 0x1938 AxInstSV - ok
13:52:29.0946 0x1938 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
13:52:30.0024 0x1938 b06bdrv - ok
13:52:30.0055 0x1938 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
13:52:30.0087 0x1938 BasicDisplay - ok
13:52:30.0102 0x1938 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
13:52:30.0133 0x1938 BasicRender - ok
13:52:30.0165 0x1938 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
13:52:30.0180 0x1938 bcmfn2 - ok
13:52:30.0258 0x1938 [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC C:\WINDOWS\System32\bdesvc.dll
13:52:30.0321 0x1938 BDESVC - ok
13:52:30.0352 0x1938 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:52:30.0883 0x1938 Beep - ok
13:52:30.0962 0x1938 [ 22A5582ACF0CEE97268D7868C69F35CE, 78A44C10966FE467D3FCC76BE37647AE2CC2BCA9DE5715AD9E643162B23C3A19 ] BFE C:\WINDOWS\System32\bfe.dll
13:52:31.0133 0x1938 BFE - ok
13:52:31.0524 0x1938 [ 3E2882C7D02E34D5528BDDECD8CEF930, 39AEB34BD5BFD0BE6C8D0E37D5D5912B76B87A442C2AD91AC3E5F709D73C809C ] BHDrvx64 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys
13:52:31.0774 0x1938 BHDrvx64 - ok
13:52:31.0868 0x1938 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
13:52:32.0055 0x1938 BITS - ok
13:52:32.0071 0x1938 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
13:52:32.0102 0x1938 bowser - ok
13:52:32.0149 0x1938 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
13:52:32.0462 0x1938 BrokerInfrastructure - ok
13:52:32.0493 0x1938 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
13:52:32.0540 0x1938 Browser - ok
13:52:32.0587 0x1938 [ E9B6AC24CB3737D2F93C05590B4A9048, 7CFDF93947925EDF6D6C0AD9E3A31AF098E8F8574AFCD8C7B3242E29A1F38CDD ] BTATH_A2DP C:\WINDOWS\system32\drivers\btath_a2dp.sys
13:52:32.0618 0x1938 BTATH_A2DP - ok
13:52:32.0649 0x1938 [ 2BD94FC9AB890A7A7CEF81E5F1A2D421, 0B572D0F6558CA37164A15A8D9DF13160BBF6DA119B8E92436B3DCFA19361E31 ] btath_avdt C:\WINDOWS\system32\drivers\btath_avdt.sys
13:52:32.0665 0x1938 btath_avdt - ok
13:52:32.0696 0x1938 [ 4AF7C20F94DAC343C01ED671C82DCB99, 2AABD85D9D76461DE883E0F13F61C391BA81E6198FF88268B319474E25A196C8 ] BTATH_HCRP C:\WINDOWS\System32\drivers\btath_hcrp.sys
13:52:32.0727 0x1938 BTATH_HCRP - ok
13:52:32.0759 0x1938 [ 785C38070043BEEE9E9D591DE4067244, 1C8D15B8A9E80A2799E7094C4AE111FEA9FBC6EAA4A61B13EFE59314C9794949 ] BTATH_LWFLT C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys
13:52:32.0774 0x1938 BTATH_LWFLT - ok
13:52:32.0805 0x1938 [ 31EC5FC3FC5CB273F2709AAF4AD88ED4, 804401CEBBB24443AE0A304FCF5CB6B0D7679BA7FC5DC3BFF968B0B44FE34EC1 ] BTATH_RCP C:\WINDOWS\System32\drivers\btath_rcp.sys
13:52:32.0837 0x1938 BTATH_RCP - ok
13:52:32.0899 0x1938 [ 25B35FDD5FE5666DC49CCC0BC6A9AD81, 0F6A9783EF72AF53F20B19E51FE40A17F72FB9CC037670ADB77970AF9CA7E376 ] BtFilter C:\WINDOWS\system32\DRIVERS\btfilter.sys
13:52:33.0227 0x1938 BtFilter - ok
13:52:33.0274 0x1938 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
13:52:33.0477 0x1938 BthAvrcpTg - ok
13:52:33.0493 0x1938 [ 12418846B057E4F92FC621F5C6CF737D, 0B8B0EADE4F2AD95D450A5C71C287C0F04F33897ABF27D3E3B6428A3C99C7B5D ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys
13:52:33.0524 0x1938 BthEnum - ok
13:52:33.0571 0x1938 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
13:52:33.0868 0x1938 BthHFEnum - ok
13:52:33.0915 0x1938 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
13:52:33.0930 0x1938 bthhfhid - ok
13:52:34.0009 0x1938 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
13:52:34.0102 0x1938 BthHFSrv - ok
13:52:34.0134 0x1938 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
13:52:34.0243 0x1938 BthLEEnum - ok
13:52:34.0259 0x1938 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
13:52:34.0305 0x1938 BTHMODEM - ok
13:52:34.0368 0x1938 [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys
13:52:34.0415 0x1938 BthPan - ok
13:52:34.0524 0x1938 [ B810B2B39CCA90DC6BF42AF1658AE0D1, D184F927BCFBDE7063A0C9873BF2C174226E1AB5081A7108FCC66210CD117465 ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
13:52:34.0634 0x1938 BTHPORT - ok
13:52:34.0680 0x1938 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
13:52:34.0915 0x1938 bthserv - ok
13:52:34.0962 0x1938 [ 52A1B7ECAB4C9EF70FD41241691E09D3, F7A5BFE72D3151E73DD9922A76964C08AC1FDCB8460D9A17DCF8B7969006AD42 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
13:52:35.0305 0x1938 BTHUSB - ok
13:52:35.0399 0x1938 [ 5A1C7DBDDB001BC6F1D1720E655445E2, 07A766C804D0709936FF18A2F67C49D6499BEF9CEEB1EF69F654A35268A11027 ] ccSet_N360 C:\WINDOWS\system32\drivers\N360x64\1605020.00F\ccSetx64.sys
13:52:35.0555 0x1938 ccSet_N360 - ok
13:52:35.0602 0x1938 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
13:52:35.0634 0x1938 cdfs - ok
13:52:35.0665 0x1938 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
13:52:35.0712 0x1938 cdrom - ok
13:52:35.0759 0x1938 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
13:52:35.0805 0x1938 CertPropSvc - ok
13:52:35.0837 0x1938 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
13:52:35.0852 0x1938 circlass - ok
13:52:36.0055 0x1938 [ 664AA28A1D92608BEF2F63AF008745B7, 71FF749A52D34D981716610D577C20DF876B15FA1BC039EF11ACAF2F09DFBC4A ] cjpcsc C:\WINDOWS\SysWOW64\cjpcsc.exe
13:52:36.0118 0x1938 cjpcsc - ok
13:52:36.0165 0x1938 [ E3B86AB029D1C523981C3476DE859521, F787284359F6322DB7135FCDFD3DA3EFD92FBBB95F3DC5C9D77B881A8351B080 ] cjusb C:\WINDOWS\system32\DRIVERS\cjusb.sys
13:52:36.0180 0x1938 cjusb - ok
13:52:36.0227 0x1938 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
13:52:36.0274 0x1938 CLFS - ok
13:52:36.0493 0x1938 [ EC44010BAFA116B6ED200AB18A29E560, 0261CBABF18158FB836DB4569201035F702A5CE27C64551E29C2AC4BC6C3851C ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
13:52:36.0696 0x1938 ClickToRunSvc - ok
13:52:36.0743 0x1938 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
13:52:36.0805 0x1938 CmBatt - ok
13:52:36.0884 0x1938 [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
13:52:37.0071 0x1938 CNG - ok
13:52:37.0102 0x1938 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
13:52:37.0227 0x1938 CompositeBus - ok
13:52:37.0243 0x1938 COMSysApp - ok
13:52:37.0274 0x1938 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
13:52:37.0321 0x1938 condrv - ok
13:52:37.0368 0x1938 [ F9693D45B0F1B346CCDEEC1F341AD389, 342C81EFB434EAC29865F8BB049051635C644D7EF355D0F5FB3ADD9DDCE55D82 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
13:52:37.0399 0x1938 cphs - ok
13:52:37.0462 0x1938 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
13:52:37.0493 0x1938 CryptSvc - ok
13:52:37.0524 0x1938 [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam C:\WINDOWS\system32\drivers\dam.sys
13:52:37.0555 0x1938 dam - ok
13:52:37.0634 0x1938 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:52:37.0743 0x1938 DcomLaunch - ok
13:52:37.0837 0x1938 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
13:52:38.0259 0x1938 defragsvc - ok
13:52:38.0321 0x1938 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
13:52:39.0118 0x1938 DeviceAssociationService - ok
13:52:39.0149 0x1938 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
13:52:39.0399 0x1938 DeviceInstall - ok
13:52:39.0446 0x1938 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
13:52:39.0743 0x1938 Dfsc - ok
13:52:39.0790 0x1938 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
13:52:40.0040 0x1938 Dhcp - ok
13:52:40.0165 0x1938 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
13:52:40.0555 0x1938 DiagTrack - ok
13:52:40.0587 0x1938 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys
13:52:40.0634 0x1938 disk - ok
13:52:40.0665 0x1938 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
13:52:40.0696 0x1938 dmvsc - ok
13:52:40.0743 0x1938 [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:52:40.0790 0x1938 Dnscache - ok
13:52:40.0821 0x1938 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
13:52:40.0884 0x1938 dot3svc - ok
13:52:40.0899 0x1938 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
13:52:40.0946 0x1938 DPS - ok
13:52:40.0962 0x1938 [ 68E2849CF59D54557F5CC6911EE5B26F, 902768EEB69EAADB7AB2935C5B283D48329FC91FD1BC2BE61993D2C31D05A54E ] DptfDevDram C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys
13:52:40.0993 0x1938 DptfDevDram - ok
13:52:41.0009 0x1938 [ 76C91DB88A8CEE7711F41ADF08128522, 584AFB7076D8C6D200444E5D376A8934285DF7D8A9B41C076E350F258D43B8EB ] DptfDevPch C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys
13:52:41.0024 0x1938 DptfDevPch - ok
13:52:41.0056 0x1938 [ 82D5BA44F3A32EE7D41D2E8B4361AD9B, BFC8059C4208E79E0A52F86A28A5E119F059DC1CD03564675A1554CE916AD5A5 ] DptfDevProc C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys
13:52:41.0087 0x1938 DptfDevProc - ok
13:52:41.0134 0x1938 [ 66AA3E34E06A32B60573926DD861D70E, 1888D8B35460E3D1F73B495D90BFA0D14AE405F50A010A8555558DFC6E233C7A ] DptfManager C:\WINDOWS\system32\DRIVERS\DptfManager.sys
13:52:41.0165 0x1938 DptfManager - ok
13:52:41.0196 0x1938 [ 058388D2D86C28C6C345B52ECF251FF7, 81D0A652F419F1B95E10245480BDF168C74370760B574987F0F88D6C9097BCA9 ] DptfParticipantProcessorService C:\WINDOWS\system32\DptfParticipantProcessorService.exe
13:52:41.0227 0x1938 DptfParticipantProcessorService - ok
13:52:41.0290 0x1938 [ DD102BC049487894B5214E5CC890F7C7, 340A24CBB4961F5D50835597E418368D60E2BDFB6E9C89DC546E1D9C77066A99 ] DptfPolicyConfigTDPService C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
13:52:41.0321 0x1938 DptfPolicyConfigTDPService - ok
13:52:41.0337 0x1938 [ 920DA0F094DDE55DF835FECD7304A0C1, 5EE88CE2F7BA292F60618B5EC4EC87C2417CD12A20306966B5DC68D7687EFDA0 ] DptfPolicyCriticalService C:\WINDOWS\system32\DptfPolicyCriticalService.exe
13:52:41.0352 0x1938 DptfPolicyCriticalService - ok
13:52:41.0384 0x1938 [ 4BA8E65371129900116259D8513644EB, A5DEE74D2C9DA0C1185333B4A3D22815104423682645BB4E2A5E8E7DB766D41E ] DptfPolicyLpmService C:\WINDOWS\system32\DptfPolicyLpmService.exe
13:52:41.0415 0x1938 DptfPolicyLpmService - ok
13:52:41.0446 0x1938 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:52:41.0462 0x1938 drmkaud - ok
13:52:41.0509 0x1938 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
13:52:41.0556 0x1938 DsmSvc - ok
13:52:41.0665 0x1938 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
13:52:41.0805 0x1938 DXGKrnl - ok
13:52:41.0852 0x1938 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
13:52:42.0618 0x1938 Eaphost - ok
13:52:42.0884 0x1938 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
13:52:42.0993 0x1938 ebdrv - ok
13:52:43.0102 0x1938 [ 93EA893A8C2C561648A559E48C723412, 14F9AD8BCF423BC40F7B3D2D7BC0F795CD3C54800C854873BD170ADF2A735B64 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:52:43.0556 0x1938 eeCtrl - ok
13:52:43.0587 0x1938 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
13:52:43.0618 0x1938 EFS - ok
13:52:43.0649 0x1938 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
13:52:43.0681 0x1938 EhStorClass - ok
13:52:43.0712 0x1938 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
13:52:43.0743 0x1938 EhStorTcgDrv - ok
13:52:43.0774 0x1938 [ 8400C9E33B68C556BF63AEF490EB145C, A840DF1A27C935DD427E53C5D2FFFE79E612D0B4074CE26AA992DA62D4925806 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:52:43.0806 0x1938 EraserUtilRebootDrv - ok
13:52:43.0837 0x1938 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
13:52:43.0852 0x1938 ErrDev - ok
13:52:43.0931 0x1938 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
13:52:43.0993 0x1938 EventSystem - ok
13:52:44.0024 0x1938 [ EE8A4765D5EB30736E2E067A3E8907CB, E7FE4F3707E6EEE046BE0C20B75E59924B332CA2F35482B4A457A79D59F4BF4E ] excfs C:\WINDOWS\system32\DRIVERS\excfs.sys
13:52:44.0040 0x1938 excfs - ok
13:52:44.0071 0x1938 [ 681426F5AFB40405FB596BF90199C484, D9DF2964B96805F61B90E4B862F9EAC5B1C682935A625F75862645E94D623DF4 ] excsd C:\WINDOWS\system32\DRIVERS\excsd.sys
13:52:44.0102 0x1938 excsd - ok
13:52:44.0134 0x1938 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
13:52:44.0290 0x1938 exfat - ok
13:52:44.0368 0x1938 [ 0AE5D0CD28D26F4BC2BDCA96FC21F67F, F3EB803CE5B2D32212AE40A52C9DE074374709C296023109EAA6DF4012E7AB01 ] ExpressCache C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
13:52:44.0384 0x1938 ExpressCache - ok
13:52:44.0415 0x1938 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
13:52:44.0806 0x1938 fastfat - ok
13:52:44.0868 0x1938 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
13:52:44.0946 0x1938 Fax - ok
13:52:44.0993 0x1938 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
13:52:45.0009 0x1938 fdc - ok
13:52:45.0056 0x1938 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
13:52:45.0087 0x1938 fdPHost - ok
13:52:45.0087 0x1938 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
13:52:45.0118 0x1938 FDResPub - ok
13:52:45.0165 0x1938 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
13:52:45.0446 0x1938 fhsvc - ok
13:52:45.0477 0x1938 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
13:52:45.0509 0x1938 FileInfo - ok
13:52:45.0540 0x1938 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
13:52:45.0587 0x1938 Filetrace - ok
13:52:45.0602 0x1938 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
13:52:45.0634 0x1938 flpydisk - ok
13:52:45.0681 0x1938 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:52:45.0743 0x1938 FltMgr - ok
13:52:45.0868 0x1938 [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache C:\WINDOWS\system32\FntCache.dll
13:52:46.0852 0x1938 FontCache - ok
13:52:46.0946 0x1938 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:52:46.0977 0x1938 FontCache3.0.0.0 - ok
13:52:47.0009 0x1938 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
13:52:47.0040 0x1938 FsDepends - ok
13:52:47.0071 0x1938 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:52:47.0087 0x1938 Fs_Rec - ok
13:52:47.0134 0x1938 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
13:52:47.0399 0x1938 fvevol - ok
13:52:47.0431 0x1938 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
13:52:47.0462 0x1938 FxPPM - ok
13:52:47.0478 0x1938 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
13:52:47.0509 0x1938 gagp30kx - ok
13:52:47.0556 0x1938 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:52:47.0587 0x1938 GamesAppService - ok
13:52:47.0618 0x1938 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
13:52:47.0649 0x1938 gencounter - ok
13:52:47.0681 0x1938 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
13:52:47.0727 0x1938 GPIOClx0101 - ok
13:52:48.0009 0x1938 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
13:52:48.0134 0x1938 gpsvc - ok
13:52:48.0181 0x1938 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
13:52:48.0727 0x1938 HDAudBus - ok
13:52:48.0743 0x1938 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
13:52:48.0774 0x1938 HidBatt - ok
13:52:48.0806 0x1938 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
13:52:48.0946 0x1938 HidBth - ok
13:52:48.0978 0x1938 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
13:52:49.0009 0x1938 hidi2c - ok
13:52:49.0024 0x1938 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
13:52:49.0056 0x1938 HidIr - ok
13:52:49.0087 0x1938 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
13:52:49.0149 0x1938 hidserv - ok
13:52:49.0196 0x1938 [ 894D982CEAB8CD45A56AE2C9988E86C0, AA2DEB62CB69FF1AEF772989342F2CF77CA48F212C9489A92A4FF97FD46D3866 ] HIDSwitch C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys
13:52:49.0212 0x1938 HIDSwitch - ok
13:52:49.0243 0x1938 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
13:52:49.0259 0x1938 HidUsb - ok
13:52:49.0306 0x1938 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
13:52:49.0446 0x1938 hkmsvc - ok
13:52:49.0493 0x1938 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
13:52:49.0915 0x1938 HomeGroupListener - ok
13:52:49.0962 0x1938 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
13:52:50.0024 0x1938 HomeGroupProvider - ok
13:52:50.0056 0x1938 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
13:52:50.0087 0x1938 HpSAMD - ok
13:52:50.0165 0x1938 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
13:52:50.0274 0x1938 HTTP - ok
13:52:50.0306 0x1938 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
13:52:50.0337 0x1938 hwpolicy - ok
13:52:50.0368 0x1938 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
13:52:50.0384 0x1938 hyperkbd - ok
13:52:50.0399 0x1938 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
13:52:50.0431 0x1938 HyperVideo - ok
13:52:50.0478 0x1938 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
13:52:50.0509 0x1938 i8042prt - ok
13:52:50.0540 0x1938 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
13:52:50.0556 0x1938 iaLPSSi_GPIO - ok
13:52:50.0587 0x1938 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
13:52:50.0602 0x1938 iaLPSSi_I2C - ok
13:52:50.0665 0x1938 [ 0A34D806EF2767E62CAFEA1A150A8830, 2C5C9C0924C6AE379E3CD071E6687885006843A17742B083CE14719F666F7FE6 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
13:52:50.0728 0x1938 iaStorA - ok
13:52:50.0774 0x1938 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
13:52:50.0837 0x1938 iaStorAV - ok
13:52:50.0884 0x1938 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
13:52:50.0931 0x1938 iaStorV - ok
13:52:51.0087 0x1938 [ B1CA6DD6534B546A2599187AE4BD9DD2, 0C56E2078FC812BD0C1E43154E3F86BCC1C4EDF36039A27F56AAC47424F635E5 ] IDSVia64 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150909.001\IDSvia64.sys
13:52:51.0274 0x1938 IDSVia64 - ok
13:52:51.0290 0x1938 IEEtwCollectorService - ok
13:52:51.0571 0x1938 [ 16D939A13CFB82DEE0B9DB12E45C7B4E, D09C57DE3EF7F6BEDD354FEEDB46260FDCF9F9A0F2D096FFD518509AD041AAC5 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
13:52:51.0868 0x1938 igfx - ok
13:52:52.0009 0x1938 [ 57322EBB67A59FB64E228F31A84CA43D, 258DA26BDFAB635F145E55CF65CDFCFE4EB91454E3F930489E92810250EF9FD7 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
13:52:52.0103 0x1938 IKEEXT - ok
13:52:52.0149 0x1938 [ DB65573521AB51941F4FA799D0968136, 418F5E3FE725B7B114F3DAEBDCEBCE7F4AD8ECAAFF572C02BA9ACCE86D55BFD8 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
13:52:52.0165 0x1938 intaud_WaveExtensible - ok
13:52:52.0884 0x1938 [ CC279B89A16615B8DD13422544F6B478, DFC6AF05670CA79D8CC2C89FB5FBD8EECC4FB159CD8EFE422F06BE2A272608B6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
13:52:53.0212 0x1938 IntcAzAudAddService - ok
13:52:53.0306 0x1938 [ D6A22510D795928E8840619900D672B4, 296F232B0A6D42840A745E4706D2815F6D2E4279DBD90112CBFBFF8833B724AF ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
13:52:53.0368 0x1938 IntcDAud - ok
13:52:53.0493 0x1938 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:52:53.0665 0x1938 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
13:52:56.0150 0x1938 Detect skipped due to KSN trusted
13:52:56.0150 0x1938 Intel(R) Capability Licensing Service Interface - ok
13:52:56.0228 0x1938 [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
13:52:56.0290 0x1938 Intel(R) Capability Licensing Service TCP IP Interface - ok
13:52:56.0368 0x1938 [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
13:52:56.0384 0x1938 Intel(R) ME Service - ok
13:52:56.0415 0x1938 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
13:52:56.0431 0x1938 intelide - ok
13:52:56.0478 0x1938 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
13:52:56.0509 0x1938 intelpep - ok
13:52:56.0540 0x1938 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
13:52:56.0571 0x1938 intelppm - ok
13:52:56.0603 0x1938 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:52:56.0649 0x1938 IpFilterDriver - ok
13:52:56.0728 0x1938 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
13:52:57.0134 0x1938 iphlpsvc - ok
13:52:57.0149 0x1938 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
13:52:57.0181 0x1938 IPMIDRV - ok
13:52:57.0212 0x1938 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
13:52:57.0259 0x1938 IPNAT - ok
13:52:57.0290 0x1938 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
13:52:57.0337 0x1938 IRENUM - ok
13:52:57.0353 0x1938 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
13:52:57.0384 0x1938 isapnp - ok
13:52:57.0431 0x1938 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
13:52:57.0462 0x1938 iScsiPrt - ok
13:52:57.0571 0x1938 [ 5C9B001D8970C2DA36254A916F3DA8F7, 625AC5C3DFAE52BD34EC3F93742D1D2C229785E4F0F3484CFB7B8728A1C830DF ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
13:52:57.0587 0x1938 iumsvc - ok
13:52:57.0618 0x1938 [ 2C04ACF9070282AC9AA837C52CA3C128, 2C68FE2E876E5089F27021038E868E21288F694F3ED0390AED5B4712CC7567EC ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
13:52:57.0634 0x1938 iwdbus - ok
13:52:57.0681 0x1938 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
13:52:57.0712 0x1938 jhi_service - ok
13:52:57.0743 0x1938 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
13:52:57.0774 0x1938 kbdclass - ok
13:52:57.0790 0x1938 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
13:52:57.0821 0x1938 kbdhid - ok
13:52:57.0853 0x1938 [ A8080BEBCDB7A16495CE1205921DCAC5, D4B0EF97B75BF75934A0BEEE48CACD20E8F505600C3A07243DF7627680EE8552 ] kbfiltr C:\WINDOWS\System32\drivers\kbfiltr.sys
13:52:58.0134 0x1938 kbfiltr - ok
13:52:58.0165 0x1938 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
13:52:58.0196 0x1938 kdnic - ok
13:52:58.0212 0x1938 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
13:52:58.0259 0x1938 KeyIso - ok
13:52:58.0290 0x1938 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
13:52:58.0321 0x1938 KSecDD - ok
13:52:58.0368 0x1938 [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
13:52:58.0399 0x1938 KSecPkg - ok
13:52:58.0431 0x1938 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
13:52:58.0462 0x1938 ksthunk - ok
13:52:58.0556 0x1938 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
13:52:58.0618 0x1938 KtmRm - ok
13:52:58.0728 0x1938 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
13:52:58.0821 0x1938 LanmanServer - ok
13:52:58.0900 0x1938 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
13:52:59.0150 0x1938 LanmanWorkstation - ok
13:52:59.0196 0x1938 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
13:52:59.0384 0x1938 lfsvc - ok
13:52:59.0400 0x1938 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
13:52:59.0446 0x1938 lltdio - ok
13:52:59.0493 0x1938 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
13:52:59.0696 0x1938 lltdsvc - ok
13:52:59.0728 0x1938 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
13:52:59.0775 0x1938 lmhosts - ok
13:52:59.0837 0x1938 [ B16F2A40E738277AB75515D4B024305E, 38F48CCD72FA2B32DFD3123C0864AB724AC673414EEE09C6F582754177CD4B98 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:52:59.0868 0x1938 LMS - ok
13:52:59.0915 0x1938 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
13:52:59.0946 0x1938 LSI_SAS - ok
13:52:59.0962 0x1938 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
13:52:59.0993 0x1938 LSI_SAS2 - ok
13:53:00.0009 0x1938 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
13:53:00.0040 0x1938 LSI_SAS3 - ok
13:53:00.0056 0x1938 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
13:53:00.0087 0x1938 LSI_SSS - ok
13:53:00.0150 0x1938 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
13:53:00.0446 0x1938 LSM - ok
13:53:00.0478 0x1938 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
13:53:00.0509 0x1938 luafv - ok
13:53:00.0540 0x1938 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
13:53:00.0571 0x1938 megasas - ok
13:53:00.0618 0x1938 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
13:53:00.0696 0x1938 megasr - ok
13:53:00.0728 0x1938 [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64 C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
13:53:00.0743 0x1938 MEIx64 - ok
13:53:00.0790 0x1938 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
13:53:01.0181 0x1938 MMCSS - ok
13:53:01.0212 0x1938 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
13:53:01.0243 0x1938 Modem - ok
13:53:01.0275 0x1938 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
13:53:01.0306 0x1938 monitor - ok
13:53:01.0321 0x1938 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
13:53:01.0353 0x1938 mouclass - ok
13:53:01.0384 0x1938 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
13:53:01.0415 0x1938 mouhid - ok
13:53:01.0462 0x1938 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
13:53:01.0493 0x1938 mountmgr - ok
13:53:01.0525 0x1938 [ 22A7042C70F90F8261840740DDBB5176, AD0075C97D2D7C568D5CFB1C3A02DCE3BC01941844A759B29CD4DE4AF2F5FC45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:53:01.0556 0x1938 MozillaMaintenance - ok
13:53:01.0587 0x1938 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
13:53:01.0618 0x1938 mpsdrv - ok
13:53:01.0696 0x1938 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
13:53:01.0900 0x1938 MpsSvc - ok
13:53:01.0962 0x1938 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
13:53:02.0259 0x1938 MRxDAV - ok
13:53:02.0306 0x1938 [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:53:02.0696 0x1938 mrxsmb - ok
13:53:02.0743 0x1938 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
13:53:03.0212 0x1938 mrxsmb10 - ok
13:53:03.0243 0x1938 [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
13:53:03.0618 0x1938 mrxsmb20 - ok
13:53:03.0650 0x1938 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
13:53:03.0681 0x1938 MsBridge - ok
13:53:03.0728 0x1938 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
13:53:03.0759 0x1938 MSDTC - ok
13:53:03.0806 0x1938 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:53:03.0837 0x1938 Msfs - ok
13:53:03.0853 0x1938 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
13:53:03.0868 0x1938 msgpiowin32 - ok
13:53:03.0900 0x1938 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
13:53:03.0931 0x1938 mshidkmdf - ok
13:53:03.0946 0x1938 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
13:53:03.0978 0x1938 mshidumdf - ok
13:53:04.0009 0x1938 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
13:53:04.0025 0x1938 msisadrv - ok
13:53:04.0071 0x1938 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
13:53:04.0181 0x1938 MSiSCSI - ok
13:53:04.0196 0x1938 msiserver - ok
13:53:04.0212 0x1938 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:53:04.0228 0x1938 MSKSSRV - ok
13:53:04.0259 0x1938 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
13:53:04.0384 0x1938 MsLldp - ok
13:53:04.0400 0x1938 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:53:04.0431 0x1938 MSPCLOCK - ok
13:53:04.0446 0x1938 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:53:04.0478 0x1938 MSPQM - ok
13:53:04.0540 0x1938 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
13:53:04.0634 0x1938 MsRPC - ok
13:53:04.0650 0x1938 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
13:53:04.0681 0x1938 mssmbios - ok
13:53:04.0712 0x1938 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
13:53:04.0743 0x1938 MSTEE - ok
13:53:04.0759 0x1938 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
13:53:04.0790 0x1938 MTConfig - ok
13:53:04.0822 0x1938 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
13:53:04.0853 0x1938 Mup - ok
13:53:04.0868 0x1938 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
13:53:04.0900 0x1938 mvumis - ok
13:53:05.0165 0x1938 [ 09EA30AD32C1B0B4581CB51D183164E4, 0EE238B87E048F4E44F04FA58C6351090C875016C158A2921598BCAED1BA05DF ] N360 C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
13:53:05.0196 0x1938 N360 - ok
13:53:05.0259 0x1938 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
13:53:05.0618 0x1938 napagent - ok
13:53:05.0665 0x1938 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
13:53:05.0728 0x1938 NativeWifiP - ok
13:53:05.0790 0x1938 [ 5A4EC58A5F2E63DB2092B343CF1B2834, 33F957565E38A3A2842DDB16D7C969F93A4FB888DB5AFBBF5431A712FADE4E13 ] NAVENG C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.016\ENG64.SYS
13:53:06.0150 0x1938 NAVENG - ok
13:53:06.0509 0x1938 [ 526EA496D7F06B3746775046B33027C1, FEC0B860F49C28ED6ED721A09D19239BB1E20CE3A29697B24B2FE604AE0EB808 ] NAVEX15 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150909.016\EX64.SYS
13:53:06.0728 0x1938 NAVEX15 - ok
13:53:06.0790 0x1938 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
13:53:07.0025 0x1938 NcaSvc - ok
13:53:07.0040 0x1938 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
13:53:07.0087 0x1938 NcbService - ok
13:53:07.0103 0x1938 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
13:53:07.0134 0x1938 NcdAutoSetup - ok
13:53:07.0259 0x1938 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
13:53:07.0368 0x1938 NDIS - ok
13:53:07.0415 0x1938 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
13:53:07.0446 0x1938 NdisCap - ok
13:53:07.0462 0x1938 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
13:53:07.0915 0x1938 NdisImPlatform - ok
13:53:07.0931 0x1938 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:53:08.0118 0x1938 NdisTapi - ok
13:53:08.0150 0x1938 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:53:08.0181 0x1938 Ndisuio - ok
13:53:08.0212 0x1938 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
13:53:08.0243 0x1938 NdisVirtualBus - ok
13:53:08.0275 0x1938 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:53:08.0322 0x1938 NdisWan - ok
13:53:08.0353 0x1938 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:53:08.0384 0x1938 NdisWanLegacy - ok
13:53:08.0415 0x1938 [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:53:08.0556 0x1938 NDProxy - ok
13:53:08.0572 0x1938 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
13:53:08.0759 0x1938 Ndu - ok
13:53:08.0775 0x1938 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:53:08.0822 0x1938 NetBIOS - ok
13:53:08.0900 0x1938 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:53:08.0947 0x1938 NetBT - ok
13:53:08.0978 0x1938 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
13:53:09.0009 0x1938 Netlogon - ok
13:53:09.0118 0x1938 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
13:53:09.0197 0x1938 Netman - ok
13:53:09.0259 0x1938 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
13:53:09.0322 0x1938 netprofm - ok
13:53:09.0400 0x1938 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:09.0478 0x1938 NetTcpPortSharing - ok
13:53:09.0509 0x1938 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
13:53:09.0868 0x1938 netvsc - ok
13:53:09.0931 0x1938 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
13:53:09.0993 0x1938 NlaSvc - ok
13:53:10.0025 0x1938 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:53:10.0056 0x1938 Npfs - ok
13:53:10.0072 0x1938 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
13:53:10.0103 0x1938 npsvctrig - ok
13:53:10.0134 0x1938 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
13:53:10.0290 0x1938 nsi - ok
13:53:10.0306 0x1938 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
13:53:10.0337 0x1938 nsiproxy - ok
13:53:10.0478 0x1938 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:53:10.0868 0x1938 Ntfs - ok
13:53:10.0900 0x1938 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
13:53:10.0947 0x1938 Null - ok
13:53:11.0775 0x1938 [ E71E299FF15390E585BACF2C18F55078, 7A51D989DA55349B1761839DEAFD593B6E6F88C433B132E7B027467E050FBA67 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
13:53:12.0837 0x1938 nvlddmkm - ok
13:53:12.0947 0x1938 [ FCC3A3F875C8CF258F71BE2F2CAA2355, BD174C47329F0A15D821E51997E4CDAA68FB9BFD72A89A2F2A85A8603625EB18 ] nvpciflt C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
13:53:12.0962 0x1938 nvpciflt - ok
13:53:12.0994 0x1938 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
13:53:13.0040 0x1938 nvraid - ok
13:53:13.0072 0x1938 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
13:53:13.0103 0x1938 nvstor - ok
13:53:13.0197 0x1938 [ 415695F5A54E91E869EEBFEA261361A6, 1829C15E07D902686171C8A66EB03040A037CAC1E00E24BF598030D9DA795CEC ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
13:53:13.0275 0x1938 nvsvc - ok
13:53:13.0415 0x1938 [ AA130938A27BB80A8B6438EF83232275, 7C5A4863CD22413723C9F7658855E34088A2F89DF740531ED7986F67A30935E0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:53:13.0509 0x1938 nvUpdatusService - ok
13:53:13.0556 0x1938 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
13:53:13.0587 0x1938 nv_agp - ok
13:53:13.0650 0x1938 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:53:14.0040 0x1938 ose - ok
13:53:14.0087 0x1938 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
13:53:14.0259 0x1938 p2pimsvc - ok
13:53:14.0322 0x1938 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
13:53:15.0275 0x1938 p2psvc - ok
13:53:15.0306 0x1938 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
13:53:15.0337 0x1938 Parport - ok
13:53:15.0369 0x1938 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
13:53:15.0400 0x1938 partmgr - ok
13:53:15.0462 0x1938 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
13:53:15.0556 0x1938 PcaSvc - ok
13:53:15.0603 0x1938 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
13:53:15.0650 0x1938 pci - ok
13:53:15.0665 0x1938 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
13:53:15.0681 0x1938 pciide - ok
13:53:15.0697 0x1938 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
13:53:15.0728 0x1938 pcmcia - ok
13:53:15.0759 0x1938 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
13:53:15.0790 0x1938 pcw - ok
13:53:15.0822 0x1938 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
13:53:15.0853 0x1938 pdc - ok
13:53:15.0931 0x1938 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
13:53:16.0119 0x1938 PEAUTH - ok
13:53:16.0197 0x1938 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
13:53:16.0353 0x1938 PerfHost - ok
13:53:16.0478 0x1938 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
13:53:16.0900 0x1938 pla - ok
13:53:16.0978 0x1938 [ 650A060D264FDDB365513A31B0BF31B7, E5EE292D486063F70119013FE89C15953BD46795E001C8A71D612351BC26DF33 ] plctrl C:\Program Files\ASUS\P4G\plctrl.sys
13:53:16.0994 0x1938 plctrl - ok
13:53:17.0025 0x1938 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
13:53:17.0072 0x1938 PlugPlay - ok
13:53:17.0103 0x1938 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
13:53:17.0197 0x1938 PNRPAutoReg - ok
13:53:17.0228 0x1938 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
13:53:17.0275 0x1938 PNRPsvc - ok
13:53:17.0337 0x1938 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
13:53:17.0400 0x1938 PolicyAgent - ok
13:53:17.0431 0x1938 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
13:53:17.0478 0x1938 Power - ok
13:53:17.0712 0x1938 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
13:53:18.0244 0x1938 PrintNotify - ok
13:53:18.0275 0x1938 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
13:53:18.0290 0x1938 Processor - ok
13:53:18.0322 0x1938 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll
13:53:18.0384 0x1938 ProfSvc - ok
13:53:18.0415 0x1938 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
13:53:18.0447 0x1938 Psched - ok
13:53:18.0509 0x1938 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
13:53:19.0337 0x1938 QWAVE - ok
13:53:19.0369 0x1938 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
13:53:19.0384 0x1938 QWAVEdrv - ok
13:53:19.0431 0x1938 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:53:19.0447 0x1938 RasAcd - ok
13:53:19.0494 0x1938 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:53:19.0525 0x1938 RasAuto - ok
13:53:19.0603 0x1938 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:53:19.0712 0x1938 RasMan - ok
13:53:19.0728 0x1938 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:53:19.0775 0x1938 RasPppoe - ok
13:53:19.0822 0x1938 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:53:19.0869 0x1938 rdbss - ok
13:53:19.0884 0x1938 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
13:53:19.0915 0x1938 rdpbus - ok
13:53:19.0947 0x1938 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
13:53:20.0119 0x1938 RDPDR - ok
13:53:20.0165 0x1938 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
13:53:20.0181 0x1938 RdpVideoMiniport - ok
13:53:20.0228 0x1938 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
13:53:20.0259 0x1938 rdyboost - ok
13:53:20.0353 0x1938 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
13:53:20.0650 0x1938 ReFS - ok
13:53:20.0697 0x1938 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:53:20.0822 0x1938 RemoteAccess - ok
13:53:20.0869 0x1938 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:53:21.0259 0x1938 RemoteRegistry - ok
13:53:21.0291 0x1938 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
13:53:21.0337 0x1938 RFCOMM - ok
13:53:21.0369 0x1938 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
13:53:21.0415 0x1938 RpcEptMapper - ok
13:53:21.0431 0x1938 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
13:53:21.0462 0x1938 RpcLocator - ok
13:53:21.0525 0x1938 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:53:21.0603 0x1938 RpcSs - ok
13:53:21.0634 0x1938 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
13:53:21.0681 0x1938 rspndr - ok
13:53:21.0728 0x1938 [ E7B780F2E7A124264AA487C13107BDFF, 2AE4E7227F3E28FCEF685AC54771D949845339D7881A7855810A6C33E9B179D7 ] RSUSBVSTOR C:\WINDOWS\System32\Drivers\RtsUVStor.sys
13:53:21.0759 0x1938 RSUSBVSTOR - ok
13:53:21.0853 0x1938 [ 8B58D96C0C8CB3DB20C156C76AD06E1B, A6449305D9454C5CF21AAD0ABBF226621C0AA9C6904853F9A7C555D500752112 ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
13:53:21.0915 0x1938 RTL8168 - ok
13:53:21.0947 0x1938 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
13:53:21.0978 0x1938 s3cap - ok
13:53:22.0009 0x1938 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
13:53:22.0040 0x1938 SamSs - ok
13:53:22.0072 0x1938 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
13:53:22.0119 0x1938 sbp2port - ok
13:53:22.0150 0x1938 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
13:53:22.0197 0x1938 SCardSvr - ok
13:53:22.0212 0x1938 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
13:53:22.0259 0x1938 ScDeviceEnum - ok
13:53:22.0291 0x1938 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
13:53:22.0322 0x1938 scfilter - ok
13:53:22.0447 0x1938 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:53:22.0572 0x1938 Schedule - ok
13:53:22.0603 0x1938 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
13:53:22.0650 0x1938 SCPolicySvc - ok
13:53:22.0681 0x1938 [ 1CA5A783B10EC897FCE91CF220D6C517, DCBCD9E90C73F883B9A55D972CF99F25373049B7684E6738E1E213A20369A5E6 ] scvad_simple C:\WINDOWS\system32\drivers\SplitCamAudio.sys
13:53:22.0712 0x1938 scvad_simple - ok
13:53:22.0744 0x1938 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
13:53:22.0791 0x1938 sdbus - ok
13:53:22.0822 0x1938 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
13:53:22.0853 0x1938 sdstor - ok
13:53:22.0884 0x1938 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
13:53:22.0915 0x1938 secdrv - ok
13:53:22.0931 0x1938 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll
13:53:22.0962 0x1938 seclogon - ok
13:53:22.0994 0x1938 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
13:53:23.0025 0x1938 SENS - ok
13:53:23.0056 0x1938 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
13:53:23.0119 0x1938 SensrSvc - ok
13:53:23.0165 0x1938 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
13:53:23.0197 0x1938 SerCx - ok
13:53:23.0244 0x1938 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
13:53:23.0290 0x1938 SerCx2 - ok
13:53:23.0322 0x1938 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
13:53:23.0353 0x1938 Serenum - ok
13:53:23.0369 0x1938 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
13:53:23.0400 0x1938 Serial - ok
13:53:23.0431 0x1938 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
13:53:23.0462 0x1938 sermouse - ok
13:53:23.0525 0x1938 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
13:53:23.0806 0x1938 SessionEnv - ok
13:53:23.0837 0x1938 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
13:53:23.0869 0x1938 sfloppy - ok
13:53:23.0931 0x1938 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:53:24.0165 0x1938 SharedAccess - ok
13:53:24.0415 0x1938 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:53:24.0634 0x1938 ShellHWDetection - ok
13:53:24.0666 0x1938 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
13:53:24.0697 0x1938 SiSRaid2 - ok
13:53:24.0712 0x1938 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
13:53:24.0744 0x1938 SiSRaid4 - ok
13:53:24.0822 0x1938 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:53:24.0869 0x1938 SkypeUpdate - ok
13:53:24.0916 0x1938 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
13:53:24.0931 0x1938 smphost - ok
13:53:24.0978 0x1938 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
13:53:25.0009 0x1938 SNMPTRAP - ok
13:53:25.0056 0x1938 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
13:53:25.0369 0x1938 spaceport - ok
13:53:25.0400 0x1938 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
13:53:25.0431 0x1938 SpbCx - ok
13:53:25.0462 0x1938 [ 47C36D677B1E96B8F94D85C543DC5CA6, 3FE5F3F021DB36DA3672E906C83CB2A79C8F7FD3DC9643098ACDD47943F7F6BC ] splitcam_hd_driver C:\WINDOWS\system32\DRIVERS\splitcam_hd_driver.sys
13:53:25.0478 0x1938 splitcam_hd_driver - ok
13:53:25.0572 0x1938 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\WINDOWS\System32\spoolsv.exe
13:53:25.0650 0x1938 Spooler - ok
13:53:26.0134 0x1938 [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
13:53:26.0744 0x1938 sppsvc - ok
13:53:26.0947 0x1938 [ 3361466E3C5353CAB7E978C236FADF3B, DEF6FD4EB35C4CA9E67843A324FF1A8D6A064CBC76FD3392E70BBAF85D9421BA ] SRTSP C:\WINDOWS\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS
13:53:27.0134 0x1938 SRTSP - ok
13:53:27.0166 0x1938 [ BA2ABBEA69BD1866C973DE11CB0CE9F8, 7A04BC2F4DA9A69A996911CC429064D24CF51F4046A2EE688D4326B44C9EDAFB ] SRTSPX C:\WINDOWS\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS
13:53:27.0197 0x1938 SRTSPX - ok
13:53:27.0291 0x1938 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:53:27.0337 0x1938 srv - ok
13:53:27.0509 0x1938 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
13:53:27.0572 0x1938 srv2 - ok
13:53:27.0619 0x1938 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
13:53:27.0666 0x1938 srvnet - ok
13:53:27.0712 0x1938 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:53:28.0009 0x1938 SSDPSRV - ok
13:53:28.0056 0x1938 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
13:53:28.0431 0x1938 SstpSvc - ok
13:53:28.0462 0x1938 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
13:53:28.0478 0x1938 stexstor - ok
13:53:28.0681 0x1938 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
13:53:28.0775 0x1938 stisvc - ok
13:53:28.0806 0x1938 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
13:53:28.0837 0x1938 storahci - ok
13:53:28.0869 0x1938 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
13:53:28.0900 0x1938 storflt - ok
13:53:28.0931 0x1938 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
13:53:28.0947 0x1938 stornvme - ok
13:53:28.0978 0x1938 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
13:53:29.0212 0x1938 StorSvc - ok
13:53:29.0244 0x1938 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
13:53:29.0275 0x1938 storvsc - ok
13:53:29.0322 0x1938 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
13:53:29.0666 0x1938 svsvc - ok
13:53:29.0697 0x1938 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
13:53:29.0728 0x1938 swenum - ok
13:53:30.0150 0x1938 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
13:53:30.0556 0x1938 swprv - ok
13:53:30.0728 0x1938 [ C9EC22D5B3C6B32A7C8B4A73870A7379, BA530C64FDE63D9A4023BB9E667497D5248B2910BC1A214B592318CC64034735 ] SymEFASI C:\WINDOWS\system32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS
13:53:31.0041 0x1938 SymEFASI - ok
13:53:31.0087 0x1938 [ 1DE0CBF15AC67AE0E5B456ADEFB89493, C764815313BB4332279730AA02531A448A1D32F5B6D5689FF04549406A5B5212 ] SymELAM C:\WINDOWS\system32\drivers\N360x64\1605020.00F\SymELAM.sys
13:53:31.0119 0x1938 SymELAM - ok
13:53:31.0150 0x1938 [ 6DF8F618B93C821630C9BAA8DA3FAAAF, 553972D63F3347291EC8370AB910F741EF1DA61BC74FBA4192EF6E1DF567FB99 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:53:31.0166 0x1938 SymEvent - ok
13:53:31.0212 0x1938 [ 0891E59A27208B9B727BAB863B853E80, 7BBDD53CB7AB003DF803D6D596A2B5216425DCC7FA8D3F311AE5BD4EC19FBB0A ] SymIRON C:\WINDOWS\system32\drivers\N360x64\1605020.00F\Ironx64.SYS
13:53:31.0572 0x1938 SymIRON - ok
13:53:31.0666 0x1938 [ 5EA70535B2A6504278E14943867B1B39, 53F191DE2F1F692983BD9068DCF0A851111B7A08FCEDFE871FA0594B0C46FCB7 ] SymNetS C:\WINDOWS\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS
13:53:32.0009 0x1938 SymNetS - ok
13:53:32.0119 0x1938 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll
13:53:32.0291 0x1938 SysMain - ok
13:53:32.0369 0x1938 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
13:53:32.0416 0x1938 SystemEventsBroker - ok
13:53:32.0463 0x1938 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
13:53:32.0509 0x1938 TabletInputService - ok
13:53:32.0541 0x1938 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:53:32.0650 0x1938 TapiSrv - ok
13:53:32.0838 0x1938 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
13:53:33.0056 0x1938 Tcpip - ok
13:53:33.0244 0x1938 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:53:33.0463 0x1938 TCPIP6 - ok
13:53:33.0525 0x1938 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
13:53:33.0541 0x1938 tcpipreg - ok
13:53:33.0588 0x1938 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
13:53:33.0619 0x1938 tdx - ok
13:53:33.0634 0x1938 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
13:53:33.0666 0x1938 terminpt - ok
13:53:33.0759 0x1938 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
13:53:34.0150 0x1938 TermService - ok
13:53:34.0181 0x1938 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
13:53:34.0228 0x1938 Themes - ok
13:53:34.0259 0x1938 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
13:53:34.0291 0x1938 THREADORDER - ok
13:53:34.0322 0x1938 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
13:53:34.0650 0x1938 TimeBroker - ok
13:53:34.0681 0x1938 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys
13:53:34.0713 0x1938 TPM - ok
13:53:34.0759 0x1938 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
13:53:34.0853 0x1938 TrkWks - ok
13:53:34.0916 0x1938 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
13:53:34.0963 0x1938 TrustedInstaller - ok
13:53:34.0978 0x1938 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
13:53:35.0025 0x1938 TsUsbFlt - ok
13:53:35.0041 0x1938 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
13:53:35.0291 0x1938 TsUsbGD - ok
13:53:35.0322 0x1938 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
13:53:35.0369 0x1938 tunnel - ok
13:53:35.0384 0x1938 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
13:53:35.0416 0x1938 uagp35 - ok
13:53:35.0431 0x1938 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
13:53:35.0463 0x1938 UASPStor - ok
13:53:35.0509 0x1938 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
13:53:35.0556 0x1938 UCX01000 - ok
13:53:35.0603 0x1938 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
13:53:35.0650 0x1938 udfs - ok
13:53:35.0666 0x1938 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
13:53:35.0697 0x1938 UEFI - ok
13:53:35.0744 0x1938 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
13:53:35.0775 0x1938 UI0Detect - ok
13:53:35.0791 0x1938 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
13:53:35.0822 0x1938 uliagpkx - ok
13:53:35.0853 0x1938 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
13:53:35.0884 0x1938 umbus - ok
13:53:35.0884 0x1938 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
13:53:35.0916 0x1938 UmPass - ok
13:53:35.0978 0x1938 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
13:53:36.0197 0x1938 UmRdpService - ok
13:53:36.0244 0x1938 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:53:36.0681 0x1938 upnphost - ok
13:53:36.0728 0x1938 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
13:53:36.0759 0x1938 usbccgp - ok
13:53:36.0806 0x1938 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
13:53:37.0072 0x1938 usbcir - ok
13:53:37.0088 0x1938 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
13:53:37.0119 0x1938 usbehci - ok
13:53:37.0197 0x1938 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
13:53:37.0259 0x1938 usbhub - ok
13:53:37.0322 0x1938 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
13:53:37.0384 0x1938 USBHUB3 - ok
13:53:37.0400 0x1938 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
13:53:37.0431 0x1938 usbohci - ok
13:53:37.0447 0x1938 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
13:53:37.0634 0x1938 usbprint - ok
13:53:37.0666 0x1938 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:53:37.0853 0x1938 usbscan - ok
13:53:37.0900 0x1938 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
13:53:37.0931 0x1938 USBSTOR - ok
|
|
10.09.2015, 13:13
| #4 |
| | Links über Skype und Mails werden verschickt - aber nicht von mirCode:
ATTFilter 13:53:37.0947 0x1938 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
13:53:37.0978 0x1938 usbuhci - ok
13:53:38.0025 0x1938 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
13:53:38.0056 0x1938 usbvideo - ok
13:53:38.0150 0x1938 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
13:53:38.0197 0x1938 USBXHCI - ok
13:53:38.0228 0x1938 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
13:53:38.0259 0x1938 VaultSvc - ok
13:53:38.0306 0x1938 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
13:53:38.0322 0x1938 vdrvroot - ok
13:53:38.0447 0x1938 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
13:53:38.0556 0x1938 vds - ok
13:53:38.0588 0x1938 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
13:53:38.0634 0x1938 VerifierExt - ok
13:53:38.0681 0x1938 [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
13:53:38.0744 0x1938 vhdmp - ok
13:53:38.0775 0x1938 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
13:53:38.0806 0x1938 viaide - ok
13:53:38.0822 0x1938 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
13:53:38.0853 0x1938 vmbus - ok
13:53:38.0869 0x1938 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
13:53:38.0900 0x1938 VMBusHID - ok
13:53:38.0963 0x1938 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
13:53:39.0025 0x1938 vmicguestinterface - ok
13:53:39.0072 0x1938 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
13:53:39.0134 0x1938 vmicheartbeat - ok
13:53:39.0166 0x1938 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
13:53:39.0228 0x1938 vmickvpexchange - ok
13:53:39.0259 0x1938 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
13:53:39.0322 0x1938 vmicrdv - ok
13:53:39.0353 0x1938 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
13:53:39.0416 0x1938 vmicshutdown - ok
13:53:39.0463 0x1938 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
13:53:39.0525 0x1938 vmictimesync - ok
13:53:39.0556 0x1938 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
13:53:39.0619 0x1938 vmicvss - ok
13:53:39.0650 0x1938 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
13:53:39.0681 0x1938 volmgr - ok
13:53:39.0713 0x1938 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
13:53:39.0759 0x1938 volmgrx - ok
13:53:39.0791 0x1938 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
13:53:39.0838 0x1938 volsnap - ok
13:53:39.0884 0x1938 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
13:53:39.0900 0x1938 vpci - ok
13:53:39.0978 0x1938 [ 80E63B86C40C5E067475DC98F845A6DD, A9B5211E1038DCDDB35D2E4496DDE455B8610933918E705A8323E3F283E98A8D ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
13:53:40.0025 0x1938 vpnagent - ok
13:53:40.0056 0x1938 [ A8D4FED106B4BD337DF3DA20BA44E18E, 066F58895F9FF71E72852DB982C3CD2F7E92092411686CE972449B0123A04B1E ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva64.sys
13:53:40.0072 0x1938 vpnva - ok
13:53:40.0119 0x1938 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
13:53:40.0150 0x1938 vsmraid - ok
13:53:40.0291 0x1938 [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS C:\WINDOWS\system32\vssvc.exe
13:53:41.0025 0x1938 VSS - ok
13:53:41.0088 0x1938 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
13:53:41.0135 0x1938 VSTXRAID - ok
13:53:41.0181 0x1938 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
13:53:41.0213 0x1938 vwifibus - ok
13:53:41.0244 0x1938 [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
13:53:41.0275 0x1938 vwififlt - ok
13:53:41.0291 0x1938 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
13:53:41.0322 0x1938 vwifimp - ok
13:53:41.0369 0x1938 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
13:53:41.0431 0x1938 W32Time - ok
13:53:41.0447 0x1938 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
13:53:41.0478 0x1938 WacomPen - ok
13:53:41.0635 0x1938 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe
13:53:42.0135 0x1938 wbengine - ok
13:53:42.0197 0x1938 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
13:53:42.0806 0x1938 WbioSrvc - ok
13:53:42.0838 0x1938 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
13:53:43.0056 0x1938 Wcmsvc - ok
13:53:43.0103 0x1938 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
13:53:43.0150 0x1938 wcncsvc - ok
13:53:43.0166 0x1938 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
13:53:43.0197 0x1938 WcsPlugInService - ok
13:53:43.0244 0x1938 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
13:53:43.0260 0x1938 WdBoot - ok
13:53:43.0306 0x1938 [ D0335A55E5C3F812548E18300C2ACB62, 7EF7C3A21E97197E1A6D2956D0F5A7C23F2D590C9709708394426031634990A5 ] WDC_SAM C:\WINDOWS\System32\drivers\wdcsam64.sys
13:53:43.0338 0x1938 WDC_SAM - ok
13:53:43.0416 0x1938 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
13:53:43.0494 0x1938 Wdf01000 - ok
13:53:43.0525 0x1938 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
13:53:43.0572 0x1938 WdFilter - ok
13:53:43.0619 0x1938 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
13:53:43.0650 0x1938 WdiServiceHost - ok
13:53:43.0666 0x1938 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
13:53:43.0697 0x1938 WdiSystemHost - ok
13:53:43.0744 0x1938 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
13:53:43.0775 0x1938 WdNisDrv - ok
13:53:43.0791 0x1938 WdNisSvc - ok
13:53:43.0838 0x1938 [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient C:\WINDOWS\System32\webclnt.dll
13:53:43.0916 0x1938 WebClient - ok
13:53:43.0963 0x1938 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
13:53:44.0010 0x1938 Wecsvc - ok
13:53:44.0025 0x1938 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
13:53:44.0056 0x1938 WEPHOSTSVC - ok
13:53:44.0072 0x1938 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
13:53:44.0119 0x1938 wercplsupport - ok
13:53:44.0135 0x1938 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
13:53:44.0181 0x1938 WerSvc - ok
13:53:44.0228 0x1938 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
13:53:44.0260 0x1938 WFPLWFS - ok
13:53:44.0275 0x1938 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
13:53:44.0322 0x1938 WiaRpc - ok
13:53:44.0353 0x1938 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
13:53:44.0385 0x1938 WIMMount - ok
13:53:44.0385 0x1938 WinDefend - ok
13:53:44.0510 0x1938 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
13:53:44.0588 0x1938 WinHttpAutoProxySvc - ok
13:53:44.0650 0x1938 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:53:44.0916 0x1938 Winmgmt - ok
13:53:45.0119 0x1938 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:53:45.0494 0x1938 WinRM - ok
13:53:45.0635 0x1938 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
13:53:45.0775 0x1938 WlanSvc - ok
13:53:45.0885 0x1938 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
13:53:46.0010 0x1938 wlidsvc - ok
13:53:46.0041 0x1938 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
13:53:46.0072 0x1938 WmiAcpi - ok
13:53:46.0103 0x1938 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
13:53:46.0338 0x1938 wmiApSrv - ok
13:53:46.0369 0x1938 WMPNetworkSvc - ok
13:53:46.0400 0x1938 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
13:53:46.0588 0x1938 Wof - ok
13:53:46.0728 0x1938 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
13:53:47.0088 0x1938 workfolderssvc - ok
13:53:47.0135 0x1938 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
13:53:47.0166 0x1938 wpcfltr - ok
13:53:47.0197 0x1938 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
13:53:47.0228 0x1938 WPCSvc - ok
13:53:47.0260 0x1938 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
13:53:47.0541 0x1938 WPDBusEnum - ok
13:53:47.0556 0x1938 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
13:53:47.0588 0x1938 WpdUpFltr - ok
13:53:47.0619 0x1938 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
13:53:47.0650 0x1938 ws2ifsl - ok
13:53:47.0681 0x1938 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
13:53:47.0713 0x1938 wscsvc - ok
13:53:47.0728 0x1938 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
13:53:47.0760 0x1938 WSDPrintDevice - ok
13:53:47.0791 0x1938 [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan C:\WINDOWS\system32\DRIVERS\WSDScan.sys
13:53:47.0822 0x1938 WSDScan - ok
13:53:47.0838 0x1938 WSearch - ok
13:53:48.0056 0x1938 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
13:53:48.0744 0x1938 WSService - ok
13:53:48.0916 0x1938 [ 3F726FF7B1ACC7D5E89940EA5BFF0E61, DF84486870C677B30985005A909CFDF8446BD566F601A295FF29F258E1D1AFF4 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
13:53:49.0181 0x1938 wuauserv - ok
13:53:49.0228 0x1938 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
13:53:49.0635 0x1938 WudfPf - ok
13:53:49.0650 0x1938 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
13:53:50.0072 0x1938 WUDFRd - ok
13:53:50.0135 0x1938 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
13:53:50.0291 0x1938 wudfsvc - ok
13:53:50.0307 0x1938 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:53:50.0353 0x1938 WUDFWpdFs - ok
13:53:50.0463 0x1938 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
13:53:50.0932 0x1938 WwanSvc - ok
13:53:50.0994 0x1938 [ 86B8B1F5C1189D68B07666784BE882FE, 0DD8C627F3DDBDB61B1910540C465C0D62C9F8D84C7CBB6C80782DB02D535AF0 ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
13:53:51.0135 0x1938 ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
13:53:53.0650 0x1938 Detect skipped due to KSN trusted
13:53:53.0650 0x1938 ZAtheros Bt and Wlan Coex Agent - ok
13:53:53.0666 0x1938 ================ Scan global ===============================
13:53:53.0713 0x1938 [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
13:53:53.0760 0x1938 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
13:53:54.0103 0x1938 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
13:53:54.0166 0x1938 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
13:53:54.0197 0x1938 [ Global ] - ok
13:53:54.0197 0x1938 ================ Scan MBR ==================================
13:53:54.0197 0x1938 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:53:54.0338 0x1938 \Device\Harddisk0\DR0 - ok
13:53:54.0510 0x1938 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:53:55.0104 0x1938 \Device\Harddisk1\DR1 - ok
13:53:55.0104 0x1938 ================ Scan VBR ==================================
13:53:55.0119 0x1938 [ A6283B5944C48D1BAEE0AE784F258D51 ] \Device\Harddisk0\DR0\Partition1
13:53:55.0166 0x1938 \Device\Harddisk0\DR0\Partition1 - ok
13:53:55.0182 0x1938 [ 97FAE432868BFCEAA2A704CF9253F80E ] \Device\Harddisk0\DR0\Partition2
13:53:55.0244 0x1938 \Device\Harddisk0\DR0\Partition2 - ok
13:53:55.0275 0x1938 [ 446ED579EBDF5303BCD1FE047B41C988 ] \Device\Harddisk0\DR0\Partition3
13:53:55.0291 0x1938 \Device\Harddisk0\DR0\Partition3 - ok
13:53:55.0307 0x1938 [ 25BF7D44F2FF0EEB5EB88CC8854975DF ] \Device\Harddisk0\DR0\Partition4
13:53:55.0369 0x1938 \Device\Harddisk0\DR0\Partition4 - ok
13:53:55.0385 0x1938 [ 945D99E325685EB0E9096DD44950B7EB ] \Device\Harddisk0\DR0\Partition5
13:53:55.0478 0x1938 \Device\Harddisk0\DR0\Partition5 - ok
13:53:55.0510 0x1938 [ 5B7F4CAF404F99E7898B3C340CEA2E6A ] \Device\Harddisk0\DR0\Partition6
13:53:55.0604 0x1938 \Device\Harddisk0\DR0\Partition6 - ok
13:53:55.0650 0x1938 [ 5D323FE3C1576E2AB90E5035C5642513 ] \Device\Harddisk0\DR0\Partition7
13:53:55.0682 0x1938 \Device\Harddisk0\DR0\Partition7 - ok
13:53:55.0697 0x1938 [ 36375F6B34533DC74379956ACE27E827 ] \Device\Harddisk1\DR1\Partition1
13:53:55.0697 0x1938 \Device\Harddisk1\DR1\Partition1 - ok
13:53:55.0697 0x1938 ================ Scan generic autorun ======================
13:53:55.0728 0x1938 [ 33ECE216B2B85850BD00CAD23046C200, 36B5915C213DA22B92C615E944195D628F5A2243969EF7810EC3739EA5655F2A ] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
13:53:55.0744 0x1938 DptfPolicyLpmServiceHelper - ok
13:53:56.0650 0x1938 [ C6EBBCA79931B19F7C2D4A1B494D4B98, 2E146B8761000E12E29D0BC819BFC9DC7F3589080613773BBB1BA37984EB5C67 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
13:53:57.0369 0x1938 RTHDVCPL - ok
13:53:57.0432 0x1938 [ 1E7EBBF7D89DE7979308494FE98EB393, 84619B1A27F72FB5B412528AC247FA1CC174056BB08BF9B2B4749625BFE2688A ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
13:53:57.0478 0x1938 RtHDVBg - ok
13:53:57.0510 0x1938 [ CFF4C979AA720C73EC93918D9730B9E9, 0DC04ACD258DD5FC4A7EA81AC3F8876675424EC35F7ECB996B7C132BAB430A33 ] C:\WINDOWS\system32\igfxtray.exe
13:53:57.0541 0x1938 IgfxTray - ok
13:53:57.0619 0x1938 [ 4B9D449ED9880477DEFBA85D512E05F9, B50C589A1F8953617FAD961363CA3538F6C0539FA06D7FAA2EA88320410C7F43 ] C:\WINDOWS\system32\hkcmd.exe
13:53:57.0697 0x1938 HotKeysCmds - ok
13:53:57.0775 0x1938 [ 2498449B5CA65A640125164EE0019B14, F4EF4EA34A656984C83DB3BFCD8390ACD76C922A1C253335104C31D371EEDA17 ] C:\WINDOWS\system32\igfxpers.exe
13:53:57.0838 0x1938 Persistence - ok
13:53:58.0088 0x1938 [ 2362B857693DA580E04ECE28F7D67E7E, EABF4B6502A06B94D07E25D78D8CEF8862B7FE5D117F7F145268B95688A02E62 ] C:\Program Files (x86)\ASUS\APRP\APRP.EXE
13:53:58.0338 0x1938 ASUSPRP - detected UnsignedFile.Multi.Generic ( 1 )
13:54:00.0838 0x1938 Detect skipped due to KSN trusted
13:54:00.0838 0x1938 ASUSPRP - ok
13:54:01.0666 0x1938 [ B15880A58755DA0FADB15923013A7957, 4090342AF93538C5F3157605164CF5EC051B6D767B1B7FCCF3265F1D426E88AA ] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe
13:54:01.0775 0x1938 ASUSWebStorage - ok
13:54:01.0822 0x1938 [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
13:54:01.0838 0x1938 RemoteControl10 - ok
13:54:01.0885 0x1938 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
13:54:01.0885 0x1938 HP Software Update - ok
13:54:01.0963 0x1938 [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe
13:54:02.0932 0x1938 WAB Migrate - ok
13:54:03.0041 0x1938 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
13:54:03.0072 0x1938 Dropbox Update - ok
13:54:03.0072 0x1938 Waiting for KSN requests completion. In queue: 11
13:54:04.0088 0x1938 Waiting for KSN requests completion. In queue: 5
13:54:05.0104 0x1938 Waiting for KSN requests completion. In queue: 5
13:54:06.0135 0x1938 AV detected via SS2: Norton 360 Online, C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe ( 22.5.0.0 ), 0x51000 ( enabled : updated )
13:54:06.0135 0x1938 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
13:54:06.0135 0x1938 FW detected via SS2: Norton 360 Online, C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe ( 22.5.0.0 ), 0x51010 ( enabled )
13:54:08.0807 0x1938 ============================================================
13:54:08.0807 0x1938 Scan finished
13:54:08.0807 0x1938 ============================================================
13:54:08.0822 0x1854 Detected object count: 0
13:54:08.0822 0x1854 Actual detected object count: 0
|
|
11.09.2015, 06:22
| #5 |
| /// the machine /// TB-Ausbilder | Links über Skype und Mails werden verschickt - aber nicht von mir Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.09.2015, 11:24
| #6 |
| | Links über Skype und Mails werden verschickt - aber nicht von mir Hey schrauber, habe deine Schritte durchgeführt. Hier sind die Logs. mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 11.09.2015 Suchlaufzeit: 10:53 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.09.11.03 Rootkit-Datenbank: v2015.08.16.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Martin Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 416176 Abgelaufene Zeit: 32 Min., 8 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 5 PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [3f60ff2f1f6cd561fa2e24b7f60c738d], PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [3f60ff2f1f6cd561fa2e24b7f60c738d], PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [3f60ff2f1f6cd561fa2e24b7f60c738d], PUP.Optional.SnapDo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [3f60ff2f1f6cd561fa2e24b7f60c738d], PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\SOFTWARE\SMARTBAR, In Quarantäne, [d2cd5bd3bad1181ef51ae9cb0afa53ad], Registrierungswerte: 9 PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [f9a68aa47a11181e44992e0848bb926e] PUP.Optional.SnapDo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, In Quarantäne, [f7a89f8f305b92a4b55c6450a75d8080] PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [6f309b939fec3402885592a4ce35fc04] PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [069948e69eed39fd8fb7661635cfa759] PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, In Quarantäne, [c5daf5392e5d06303dd06252d72d6f91] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [cbd4be701b70a49276d0027a956f3cc4] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, In Quarantäne, [9a05949a68233402010c9e1612f2f907] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [1a8553db5c2ff04694b2fb813fc5e719] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, In Quarantäne, [d2cd5bd3bad1181ef51ae9cb0afa53ad] Registrierungsdaten: 8 PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2CEmL6rtoxP0wNxDbf25PZ9zIrDaSwUP_c91DF6eVHWJFMa8z7Pmrq9gxjmKDOmw, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2CEmL6rtoxP0wNxDbf25PZ9zIrDaSwUP_c91DF6eVHWJFMa8z7Pmrq9gxjmKDOmw),Ersetzt,[178819153c4f84b243ab08626c99ee12] PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}),Ersetzt,[603fed41ef9c5bdb3eb065050bfa2cd4] PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}),Ersetzt,[801ff03e7f0cee48549adb8f32d37a86] PUP.Optional.SnapDo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}),Ersetzt,[9609fc3203883bfb12dd0169ec1918e8] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}),Ersetzt,[118e4fdf8704a98d717d86e4ff06b64a] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2CEmL6rtoxP0wNxDbf25PZ9zIrDaSwUP_c91DF6eVHWJFMa8z7Pmrq9gxjmKDOmw, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2CEmL6rtoxP0wNxDbf25PZ9zIrDaSwUP_c91DF6eVHWJFMa8z7Pmrq9gxjmKDOmw),Ersetzt,[bae51c12a3e85ed86985dd8db64fc23e] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}),Ersetzt,[dcc377b7a1ea24126a8459113ec715eb] PUP.Optional.SnapDo, HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt1QtC6RCK2m_xhOoNdhT5HX80anbXrpXhx9ZMHv4UHqa3mV-Mbae8FYx677HOGI2C0AKLnIJ5RTuZ7eLUbH38jx4juB95WT8n2Huoi98GeizMl5RTvpsCzx5KNvS-Ao&q={searchTerms}),Ersetzt,[8718ea4499f2cc6a8867006a3ec732ce] Ordner: 3 PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy, In Quarantäne, [158aca648dfef343442c7182d32f9769], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\577025B4A111493286467D45239E4E02, In Quarantäne, [158aca648dfef343442c7182d32f9769], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\EFA822651D6E468D926AA489BD2B5910, In Quarantäne, [158aca648dfef343442c7182d32f9769], Dateien: 3 PUP.Optional.SmartBar, C:\Windows\Installer\4461df54.msi, In Quarantäne, [d8c71b13dcaf0531d9cedf58c040a55b], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\577025B4A111493286467D45239E4E02\Installer.exe, In Quarantäne, [158aca648dfef343442c7182d32f9769], PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\EFA822651D6E468D926AA489BD2B5910\TuneUpUtilities2014_de-DE.exe, In Quarantäne, [158aca648dfef343442c7182d32f9769], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.007 - Bericht erstellt am 11/09/2015 um 11:41:46
# Aktualisiert am 08/09/2015 von Xplode
# Datenbank : 2015-09-10.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Martin - MARTIN-LAPTOP
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_5.007.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
***** [ Dateien ] *****
***** [ Verknüpfungen ] *****
[-] Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Geplante Tasks ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Daten Wiederhergestellt : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Daten Wiederhergestellt : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[!] Daten Nicht Wiederhergestellt : HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[!] Daten Nicht Wiederhergestellt : HKU\S-1-5-21-3515464670-2770779577-3274627398-1001\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Daten Wiederhergestellt : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Daten Wiederhergestellt : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
***** [ Internetbrowser ] *****
*************************
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2557 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by Martin on 11.09.2015 at 11:48:30,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Users\Martin\AppData\Roaming\sp_data.sys
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2015 at 11:54:38,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
durchgeführt von Martin (Administrator) auf MARTIN-LAPTOP (11-09-2015 12:07:44)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: UpdatusUser & Martin)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] (Atheros Communications)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\Run: [Dropbox Update] => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk [2014-07-21]
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk [2015-07-04]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{08FE31C7-FE0C-474C-9C6C-CCC50F44AABB}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B9F03622-55EC-4EE5-81B5-0FB25A5E26C1}: [DhcpNameServer] 30.50.1.1 30.50.1.2
Internet Explorer:
==================
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t.asus13.de.msn.com/?pc=asu2js&ocid=asudhp
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-04-24] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL Keine Datei
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2q61wmip.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [557056 2015-06-16] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69392 2013-08-08] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [36112 2015-03-23] (REINER SCT)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150910.001\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150910.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150910.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
S3 scvad_simple; C:\Windows\system32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows (R) Win 7 DDK provider)
S3 splitcam_hd_driver; C:\Windows\system32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows (R) Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-11 12:07 - 2015-09-11 12:07 - 00022572 _____ C:\Users\Martin\Desktop\FRST.txt
2015-09-11 12:01 - 2015-09-11 12:03 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2015-09-11 11:54 - 2015-09-11 11:54 - 00000793 _____ C:\Users\Martin\Desktop\JRT.txt
2015-09-11 11:46 - 2015-09-11 11:46 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Martin\Desktop\JRT_7600.exe
2015-09-11 11:44 - 2015-09-11 11:44 - 00002648 _____ C:\Users\Martin\Desktop\AdwCleaner[C1].txt
2015-09-11 11:39 - 2015-09-11 11:41 - 00000000 ____D C:\AdwCleaner
2015-09-11 11:35 - 2015-09-11 11:35 - 01660416 _____ C:\Users\Martin\Desktop\AdwCleaner_5.007.exe
2015-09-11 11:32 - 2015-09-11 11:32 - 00010559 _____ C:\Users\Martin\Desktop\mbam.txt
2015-09-11 10:51 - 2015-09-11 10:51 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-11 10:51 - 2015-09-11 10:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-09-11 10:51 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-11 10:51 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-10 14:08 - 2015-09-10 14:09 - 00121389 _____ C:\Users\Martin\Desktop\TDSSKiller.txt
2015-09-10 13:49 - 2015-09-10 13:49 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Martin\Desktop\tdsskiller.exe
2015-09-10 12:44 - 2015-09-11 11:29 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 12:44 - 2015-09-11 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-10 12:44 - 2015-09-10 13:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-10 12:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-10 12:41 - 2015-09-10 13:47 - 00000000 ____D C:\Users\Martin\Desktop\mbar
2015-09-10 12:40 - 2015-09-10 12:40 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Martin\Desktop\mbar-1.09.2.1008.exe
2015-09-10 12:30 - 2015-09-10 12:30 - 00001286 _____ C:\Users\Martin\Desktop\Revo Uninstaller.lnk
2015-09-10 12:30 - 2015-09-10 12:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-09-10 11:41 - 2015-09-10 11:41 - 00266776 _____ C:\Users\Martin\Desktop\Norton.txt
2015-09-10 11:38 - 2015-09-10 11:38 - 00003829 _____ C:\Users\Martin\Desktop\Gmer.txt
2015-09-10 11:32 - 2015-09-10 11:32 - 00380416 _____ C:\Users\Martin\Desktop\Gmer-19357.exe
2015-09-10 11:25 - 2015-09-11 12:01 - 00000474 _____ C:\Users\Martin\Desktop\defogger_disable.log
2015-09-10 10:30 - 2015-09-11 12:07 - 00000000 ____D C:\FRST
2015-09-10 10:29 - 2015-09-11 12:01 - 02190848 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2015-09-10 10:26 - 2015-09-10 10:26 - 00050477 _____ C:\Users\Martin\Desktop\Defogger.exe
2015-09-10 10:26 - 2015-09-10 10:26 - 00000000 _____ C:\Users\Martin\defogger_reenable
2015-09-09 22:52 - 2015-09-09 23:49 - 00000000 ____D C:\Users\Martin\AppData\Local\NPE
2015-09-09 13:50 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 13:50 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 13:50 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 13:50 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 13:50 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 13:50 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 13:50 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 13:50 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 13:50 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 13:50 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 13:50 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:50 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:50 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:50 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:50 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:50 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:50 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:50 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:50 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:50 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 13:50 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 13:49 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 13:49 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 13:49 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 13:49 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 13:49 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 13:49 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:49 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:49 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:49 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:49 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:49 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:49 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:49 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:49 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:49 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:49 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:49 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:49 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:49 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:49 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:49 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:49 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:49 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:49 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:49 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:49 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 13:49 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 13:49 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 13:49 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 13:49 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 13:49 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 13:49 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 13:49 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 13:49 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 13:49 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 13:49 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 13:49 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 13:49 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 13:49 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 13:49 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 13:49 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-05 20:39 - 2015-09-05 20:39 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-25 11:36 - 2015-08-25 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-25 11:20 - 2015-08-27 15:42 - 00000000 ____D C:\Users\Martin\Desktop\Blühmischung Haselrain 2015
2015-08-22 14:16 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-22 14:16 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 14:16 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-22 14:16 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-22 14:16 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-22 14:16 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-22 14:16 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-22 14:16 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-22 14:15 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-22 14:15 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-22 14:15 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-08-22 14:15 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-22 14:01 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 14:01 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 13:49 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-22 13:49 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-22 13:49 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-22 13:49 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-22 13:49 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-22 13:49 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-22 13:49 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-22 13:49 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-22 13:49 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-22 13:49 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-22 13:49 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-22 13:49 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 13:48 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-22 13:48 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-22 13:48 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-22 13:48 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-22 13:48 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-22 13:48 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-22 13:48 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-22 13:47 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-22 13:47 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-22 13:47 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-22 13:47 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-22 13:47 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-22 13:47 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-22 13:47 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-22 13:47 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-22 13:47 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-22 13:47 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-22 13:47 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-22 13:47 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-13 12:06 - 2015-08-25 16:43 - 00000000 ____D C:\Users\Martin\Desktop\BA Präsentation
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-11 12:00 - 2015-05-15 12:01 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-09-11 12:00 - 2015-05-15 12:01 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-09-11 12:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-11 11:55 - 2015-01-20 21:08 - 01467049 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-11 11:47 - 2014-03-21 17:29 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3515464670-2770779577-3274627398-1002
2015-09-11 11:42 - 2014-11-20 20:24 - 00094040 _____ C:\WINDOWS\PFRO.log
2015-09-11 11:42 - 2013-08-22 16:46 - 00355372 _____ C:\WINDOWS\setupact.log
2015-09-11 11:42 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-11 11:41 - 2014-06-02 18:13 - 00001118 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-11 11:37 - 2015-07-15 14:26 - 00001256 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA.job
2015-09-11 11:27 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-11 11:27 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\TAPI
2015-09-11 09:28 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-11 09:28 - 2014-11-21 04:45 - 00773008 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-11 09:28 - 2014-11-21 04:45 - 00162310 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-10 14:35 - 2015-01-21 11:45 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-10 14:35 - 2014-03-11 01:33 - 00232642 ____N C:\WINDOWS\Minidump\091015-68250-01.dmp
2015-09-10 10:37 - 2015-07-15 14:26 - 00001204 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core.job
2015-09-10 10:26 - 2015-01-20 21:15 - 00000000 ____D C:\Users\Martin
2015-09-09 23:47 - 2014-03-23 20:18 - 00000000 ____D C:\Program Files (x86)\Scoretec
2015-09-09 23:39 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-09 22:53 - 2014-03-21 19:13 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 14:31 - 2013-08-22 16:44 - 00483672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 14:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-09 14:29 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 14:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 14:01 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 13:55 - 2014-04-18 19:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 19:33 - 2014-07-01 16:17 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-09-08 16:49 - 2014-12-03 19:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-09-07 10:27 - 2015-08-03 17:32 - 00000000 ____D C:\Users\Martin\Desktop\KiBiWo 2015
2015-09-05 20:39 - 2014-07-18 18:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Dropbox
2015-09-05 20:14 - 2013-10-05 22:54 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-09-04 17:49 - 2014-03-11 02:05 - 00000000 ____D C:\Users\Martin\AppData\Local\Packages
2015-09-02 18:27 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Kürbisschilder
2015-09-02 18:12 - 2014-04-27 15:50 - 00011294 _____ C:\Users\Martin\Documents\Verkaufsliste.xlsx
2015-08-29 10:25 - 2014-04-27 15:59 - 00000000 ____D C:\Users\Martin\Desktop\KGR
2015-08-27 16:07 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Agrardieselvergütung
2015-08-27 10:50 - 2014-04-27 15:59 - 00000000 ____D C:\Users\Martin\Desktop\Kinderkirche
2015-08-26 18:37 - 2014-04-18 19:47 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-25 11:36 - 2014-12-03 19:22 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-25 11:36 - 2014-12-03 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-25 11:36 - 2014-12-03 19:21 - 00000000 ____D C:\ProgramData\Skype
2015-08-22 14:05 - 2014-05-20 11:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-22 14:05 - 2014-05-20 11:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-22 14:00 - 2014-05-20 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-22 13:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 13:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 11:44 - 2014-03-21 17:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-20 17:23 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Schnaps Etiketten
2015-08-20 10:28 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Äcker und Wiesen
2015-08-19 19:13 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Dokumentation von Pflanzenschutz
2015-08-14 15:07 - 2014-09-28 10:16 - 00000000 ____D C:\Users\Martin\AppData\Roaming\HpUpdate
2015-08-12 16:42 - 2014-10-24 15:45 - 00000000 ____D C:\Users\Martin\Documents\Semester 6
2015-08-12 12:20 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Telekom Rechnungen
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-04-18 19:36 - 2014-04-18 19:36 - 0000235 _____ () C:\Users\Martin\AppData\Roaming\devices.xml
2014-04-18 19:36 - 2014-04-18 19:36 - 0000012 _____ () C:\Users\Martin\AppData\Roaming\settings.xml
2015-03-01 16:01 - 2015-03-01 16:01 - 0001461 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2014-09-28 10:14 - 2014-09-28 10:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-03 15:09 - 2015-04-03 15:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-18 18:59 - 2014-07-21 19:54 - 0000955 _____ () C:\ProgramData\hpzinstall.log
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\SetStretch.VBS
Einige Dateien in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-10 13:35
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
durchgeführt von Martin (2015-09-11 12:08:50)
Gestartet von C:\Users\Martin\Desktop
Windows 8.1 (X64) (2015-01-20 19:36:44)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3515464670-2770779577-3274627398-500 - Administrator - Disabled)
Gast (S-1-5-21-3515464670-2770779577-3274627398-501 - Limited - Disabled)
Martin (S-1-5-21-3515464670-2770779577-3274627398-1002 - Administrator - Enabled) => C:\Users\Martin
UpdatusUser (S-1-5-21-3515464670-2770779577-3274627398-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.2 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.5 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.31 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5520.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5520.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
AusweisApp2 (HKLM-x32\...\{1C785E05-CFC7-43BE-9A52-9FB39C180CB8}) (Version: 1.2.2 - Governikus GmbH & Co. KG)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 7.2.0 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
i-port.de Bestellsoftware (HKLM-x32\...\{B4244B8D-0D9C-4EB0-BDF3-03A2060E96A8}}_is1) (Version: 3.5.7.5 - Foto Online Service GmbH)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton 360 Online (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SigmaPlot 13.0 (HKLM-x32\...\{88B90FF3-D0D3-454A-AACE-9B026E2829E3}) (Version: 13.0 - Systat Software, Inc.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster)
Studie zur Verbesserung von HP Officejet Pro 8610 (HKLM\...\{C597CC7C-D465-4761-8516-274F3713FE85}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (07/16/2013 1.0.0.181) (HKLM\...\16D5A24C881B7CEE31FBA6DD5EC1C194C188F85A) (Version: 07/16/2013 1.0.0.181 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
25-07-2015 09:11:27 Windows Update
02-08-2015 16:32:20 Norton 360 Registry Clean
08-08-2015 10:31:12 Windows Update
22-08-2015 13:49:43 Windows Update
09-09-2015 13:50:19 Windows Update
11-09-2015 11:48:34 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0D131646-A5B6-454C-971A-882CE4E00C8B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {158C4F9B-4D7F-4FDD-A95C-A76B7DA42A43} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {1B812889-119A-41FF-BA69-A0008357548E} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {40A7D62C-5CB7-4581-A718-7946C23281FE} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {414353C2-75C7-4589-95DA-2201D2EC6CCA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {41FDFD20-DC8E-4263-B96A-A033ADF904D2} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {4609E992-5058-4FE5-BC46-C59781E3FAAC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {476214CB-C268-4E55-A39D-951D6F185618} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {506915FB-00F1-4FB3-865E-FA1BD37788FC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {5300B797-EDA9-4DF3-B920-FDFAB19CB9B0} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {5EEFCB2D-EC58-446D-BBBD-9EE76B731A5C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-08-08] (AsusTek)
Task: {758EDA08-946B-42A3-9B92-7344EFBF5F05} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {83016F80-86D4-4FA4-9072-4A48BE46F1E8} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {8EEBD759-4DA4-4BEF-B46A-FC019794AE32} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {A54C85A3-480F-41E4-AAA9-89F9594A9E53} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {AEC33DD3-D455-42C2-9C40-C60D7AF59A0A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {B619E8E9-7D21-436F-9C7B-85B29F4C2A91} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {BBFD86CC-AEF2-4341-B3CC-0420A8AFEECD} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {BD8526F5-7A39-4C04-BFC2-ACD114C5DB18} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {BEF3F9E0-2977-43D1-A730-07607EA5BE2F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {C2172E41-921E-4DB9-A45A-A91A0D04CAF8} - System32\Tasks\ASUS Vivokey => C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe [2013-08-23] (ASUSTek Computer Inc.)
Task: {C5314E75-AC88-4F4B-BDB6-2D319DEF4932} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11] (Realtek Semiconductor)
Task: {CE0C27F4-2FCB-4224-A851-9BD1D1327D56} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {D257DF6D-57BC-4886-8988-F80E5E861B54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D5EF0318-843C-4AC3-9C2B-21977C825E51} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-11] (Realtek Semiconductor)
Task: {E45FA079-0A84-4A35-864A-BC4CF4234544} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-09] (ASUSTek Computer Inc.)
Task: {EA889F9D-365D-40E3-A424-0D53B3B1F0AA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {EBCE125A-C414-4B68-BA39-3A958F33F225} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F0EAD2AE-6B34-4AD1-909C-B48CF1D887C5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {F2CB4B7A-9D1E-4752-8983-4BE0770C76D7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core.job => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA.job => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-18 20:05 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-05 22:45 - 2013-08-08 14:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\127.0.0.1 -> hxxp://127.0.0.1
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\ASUS\wallpapers\ASUS.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\StartupApproved\Run: => "Dropbox Update"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{751F841B-9D64-4C50-A018-BE9CA092A5D4}] => (Allow) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{950877E4-82DD-4ED7-975E-2A7BB79C2351}] => (Allow) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{85822F7D-18B7-4892-AF89-9B1B4698E078}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{10D9E59D-39F2-455B-90E9-E8BD360101B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3928848A-37F9-4D9C-A6B8-A6A885D8D78E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D2AC0B64-FA96-49B9-AE81-62AD4C0F9175}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{99AB5382-1059-45AC-AAEB-E32736E99DF9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1B753360-4F37-4FE7-91C8-7B951E0BB4DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C96BA0C-C228-4D5D-B2AF-C807599DC021}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C373356-43AD-42B1-A057-257449FA707E}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS5C4C\HPDiagnosticCoreUI.exe
FirewallRules: [{2ACD19DF-50FB-4126-9924-18106E745FD3}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS5C4C\HPDiagnosticCoreUI.exe
FirewallRules: [{A12D5A7A-548C-4D13-9750-5CE1C783ECAF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{B289DC0F-4830-432D-84A4-1A2541B4D1EB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{190175D6-97F1-45CD-87F5-DA52B8783708}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{2B43AB12-80FC-4488-B064-4072CC2ABF09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{B6617DA2-917E-4925-90A9-54EFFAF2C2EC}] => (Allow) LPort=5357
FirewallRules: [{18758A9E-399C-43A6-9BAE-6C5A8651EC9D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{38AB1BD2-8933-4AF1-AE25-F75BD4FAF664}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS68C6\HPDiagnosticCoreUI.exe
FirewallRules: [{5EFF3C30-5418-44BE-B752-DADF66A79672}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS68C6\HPDiagnosticCoreUI.exe
FirewallRules: [{9B209BC0-BE38-43A1-8798-A669D23B7168}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS693C\HPDiagnosticCoreUI.exe
FirewallRules: [{0E1DEA38-16FD-49FF-918F-54608336B1D0}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS693C\HPDiagnosticCoreUI.exe
FirewallRules: [{C99C6943-96E7-41FE-A3C3-721B5CD6B873}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS026A\HPDiagnosticCoreUI.exe
FirewallRules: [{D372B8AC-3B0C-4D7B-BF1C-B93378B8D281}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS026A\HPDiagnosticCoreUI.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.2.2\AusweisApp2.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/10/2015 12:35:16 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.
Error: (09/09/2015 11:00:12 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.
Error: (09/09/2015 10:59:45 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.
Error: (09/09/2015 02:37:13 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1056, 'StartService', 'Es wird bereits eine Instanz des Dienstes ausgef\xfchrt.')
Error: (09/08/2015 07:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SplitCam.exe, Version: 6.9.4.1, Zeitstempel: 0x541675c3
Name des fehlerhaften Moduls: CLFLVSplitter.ax, Version: 1.0.0.3327, Zeitstempel: 0x4e817ba8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007d16
ID des fehlerhaften Prozesses: 0x1810
Startzeit der fehlerhaften Anwendung: 0xSplitCam.exe0
Pfad der fehlerhaften Anwendung: SplitCam.exe1
Pfad des fehlerhaften Moduls: SplitCam.exe2
Berichtskennung: SplitCam.exe3
Vollständiger Name des fehlerhaften Pakets: SplitCam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SplitCam.exe5
Error: (09/08/2015 04:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17924, Zeitstempel: 0x55959290
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d86e
ID des fehlerhaften Prozesses: 0x2c08
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5
Error: (09/08/2015 04:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17924, Zeitstempel: 0x55959290
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d86e
ID des fehlerhaften Prozesses: 0x2c08
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostex (13304) IndexedDb: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 494) (User: )
Description: taskhostex (13304) IndexedDb: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\Martin\AppData\Local\Microsoft\Internet Explorer\Indexed DB\Internet.edb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.
Error: (09/03/2015 07:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SplitCam.exe, Version: 6.9.4.1, Zeitstempel: 0x541675c3
Name des fehlerhaften Moduls: CLFLVSplitter.ax, Version: 1.0.0.3327, Zeitstempel: 0x4e817ba8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007d16
ID des fehlerhaften Prozesses: 0xea0
Startzeit der fehlerhaften Anwendung: 0xSplitCam.exe0
Pfad der fehlerhaften Anwendung: SplitCam.exe1
Pfad des fehlerhaften Moduls: SplitCam.exe2
Berichtskennung: SplitCam.exe3
Vollständiger Name des fehlerhaften Pakets: SplitCam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SplitCam.exe5
Systemfehler:
=============
Error: (09/11/2015 11:50:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/11/2015 11:50:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/11/2015 11:50:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/11/2015 11:50:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/11/2015 11:49:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ZAtheros Bt and Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/11/2015 11:49:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/11/2015 11:49:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ExpressCache" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/11/2015 11:49:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/11/2015 11:49:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Platform and Thermal Framework Critical Service Application" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/11/2015 11:49:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (09/10/2015 12:35:16 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/09/2015 11:00:12 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/09/2015 10:59:45 PM) (Source: MsiInstaller) (EventID: 11706) (User: Martin-Laptop)
Description: Product: LPT System Updater Service -- Error 1706. An installation package for the product LPT System Updater Service cannot be found. Try the installation again using a valid copy of the installation package 'LPTInstaller.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/09/2015 02:37:13 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1056, 'StartService', 'Es wird bereits eine Instanz des Dienstes ausgef\xfchrt.')
Error: (09/08/2015 07:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SplitCam.exe6.9.4.1541675c3CLFLVSplitter.ax1.0.0.33274e817ba8c000000500007d16181001d0ea54efef7c30C:\Program Files (x86)\SplitCam\SplitCam.exeC:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLFLVSplitter.axa4989800-564f-11e5-bed5-d850e6a0ba0c
Error: (09/08/2015 04:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.1793655a68e0cc0000005000000000003d86e2c0801d0ea4194dc05d6C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dlld5fd1c75-5634-11e5-bed5-d850e6a0ba0c
Error: (09/08/2015 04:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792455959290ntdll.dll6.3.9600.1793655a68e0cc0000005000000000003d86e2c0801d0ea4194dc05d6C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dlld31ec67f-5634-11e5-bed5-d850e6a0ba0c
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostex13304IndexedDb: -1216
Error: (09/06/2015 11:03:45 AM) (Source: ESENT) (EventID: 494) (User: )
Description: taskhostex13304IndexedDb: -1216C:\Users\Martin\AppData\Local\Microsoft\Internet Explorer\Indexed DB\Internet.edb
Error: (09/03/2015 07:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SplitCam.exe6.9.4.1541675c3CLFLVSplitter.ax1.0.0.33274e817ba8c000000500007d16ea001d0e66ac8da1adcC:\Program Files (x86)\SplitCam\SplitCam.exeC:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLFLVSplitter.ax5c726c56-525e-11e5-bed5-d850e6a0ba0c
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8075.21 MB
Verfügbarer physikalischer RAM: 5457.65 MB
Summe virtueller Speicher: 16267.21 MB
Verfügbarer virtueller Speicher: 13737.77 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:372.16 GB) (Free:276.77 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 57788C0B)
Partition: GPT.
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: D6909034)
Partition: GPT.
==================== Ende von Addition.txt ============================
Martsch |
|
12.09.2015, 09:37
| #7 |
| /// the machine /// TB-Ausbilder | Links über Skype und Mails werden verschickt - aber nicht von mirESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.09.2015, 14:09
| #8 |
| | Links über Skype und Mails werden verschickt - aber nicht von mir Hi Schrauber, hier die Logfiles. ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=31ab2c61cd9f614eb38068ad58192018
# end=init
# utc_time=2015-09-12 09:36:30
# local_time=2015-09-12 11:36:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25726
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=31ab2c61cd9f614eb38068ad58192018
# end=updated
# utc_time=2015-09-12 09:42:22
# local_time=2015-09-12 11:42:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=31ab2c61cd9f614eb38068ad58192018
# engine=25726
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-12 09:52:44
# local_time=2015-09-12 11:52:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 5565 204648149 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1806494 47916536 0 0
# scanned=4527
# found=0
# cleaned=0
# scan_time=621
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=31ab2c61cd9f614eb38068ad58192018
# end=init
# utc_time=2015-09-12 09:53:52
# local_time=2015-09-12 11:53:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 25726
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=31ab2c61cd9f614eb38068ad58192018
# end=updated
# utc_time=2015-09-12 09:54:30
# local_time=2015-09-12 11:54:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=31ab2c61cd9f614eb38068ad58192018
# engine=25726
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-12 12:38:46
# local_time=2015-09-12 02:38:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 15527 204658111 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1816456 47926498 0 0
# scanned=263542
# found=0
# cleaned=0
# scan_time=9855
Code:
ATTFilter Results of screen317's Security Check version 1.008
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Online
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
durchgeführt von Martin (Administrator) auf MARTIN-LAPTOP (12-09-2015 14:53:28)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: UpdatusUser & Martin)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-04-24] (Atheros Communications)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\Run: [Dropbox Update] => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk [2014-07-21]
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk [2015-07-04]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{08FE31C7-FE0C-474C-9C6C-CCC50F44AABB}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B9F03622-55EC-4EE5-81B5-0FB25A5E26C1}: [DhcpNameServer] 30.50.1.1 30.50.1.2
Internet Explorer:
==================
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t.asus13.de.msn.com/?pc=asu2js&ocid=asudhp
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-04-24] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL Keine Datei
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2q61wmip.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-09-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Datei ist nicht signiert]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310400 2013-04-24] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [557056 2015-06-16] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-04-24] (Atheros) [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69392 2013-08-08] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [36112 2015-03-23] (REINER SCT)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150911.003\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150911.017\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150911.017\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
S3 scvad_simple; C:\Windows\system32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows (R) Win 7 DDK provider)
S3 splitcam_hd_driver; C:\Windows\system32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows (R) Win 7 DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-12 14:53 - 2015-09-12 14:53 - 00024402 _____ C:\Users\Martin\Desktop\FRST.txt
2015-09-12 14:48 - 2015-09-12 14:48 - 00000672 _____ C:\Users\Martin\Desktop\checkup.txt
2015-09-12 14:47 - 2015-09-12 14:47 - 00852704 _____ C:\Users\Martin\Desktop\SecurityCheck.exe
2015-09-12 14:43 - 2015-09-12 14:38 - 00002801 _____ C:\Users\Martin\Desktop\ESET.txt
2015-09-12 11:35 - 2015-09-12 11:35 - 02870984 _____ (ESET) C:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
2015-09-11 19:29 - 2015-09-12 11:31 - 00000074 _____ C:\Users\Martin\AppData\Roaming\sp_data.sys
2015-09-11 11:54 - 2015-09-11 11:54 - 00000793 _____ C:\Users\Martin\Desktop\JRT.txt
2015-09-11 11:46 - 2015-09-11 11:46 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Martin\Desktop\JRT_7600.exe
2015-09-11 11:44 - 2015-09-11 11:44 - 00002648 _____ C:\Users\Martin\Desktop\AdwCleaner[C1].txt
2015-09-11 11:39 - 2015-09-11 11:41 - 00000000 ____D C:\AdwCleaner
2015-09-11 11:35 - 2015-09-11 11:35 - 01660416 _____ C:\Users\Martin\Desktop\AdwCleaner_5.007.exe
2015-09-11 11:32 - 2015-09-11 11:32 - 00010559 _____ C:\Users\Martin\Desktop\mbam.txt
2015-09-11 10:51 - 2015-09-11 10:51 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-11 10:51 - 2015-09-11 10:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-09-11 10:51 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-11 10:51 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-10 14:08 - 2015-09-10 14:09 - 00121389 _____ C:\Users\Martin\Desktop\TDSSKiller.txt
2015-09-10 13:49 - 2015-09-10 13:49 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Martin\Desktop\tdsskiller.exe
2015-09-10 12:44 - 2015-09-12 11:32 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 12:44 - 2015-09-11 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-10 12:44 - 2015-09-10 13:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-10 12:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-10 12:41 - 2015-09-10 13:47 - 00000000 ____D C:\Users\Martin\Desktop\mbar
2015-09-10 12:40 - 2015-09-10 12:40 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Martin\Desktop\mbar-1.09.2.1008.exe
2015-09-10 12:30 - 2015-09-10 12:30 - 00001286 _____ C:\Users\Martin\Desktop\Revo Uninstaller.lnk
2015-09-10 12:30 - 2015-09-10 12:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-09-10 11:41 - 2015-09-10 11:41 - 00266776 _____ C:\Users\Martin\Desktop\Norton.txt
2015-09-10 11:38 - 2015-09-10 11:38 - 00003829 _____ C:\Users\Martin\Desktop\Gmer.txt
2015-09-10 11:32 - 2015-09-10 11:32 - 00380416 _____ C:\Users\Martin\Desktop\Gmer-19357.exe
2015-09-10 11:25 - 2015-09-12 14:51 - 00000474 _____ C:\Users\Martin\Desktop\defogger_disable.log
2015-09-10 10:30 - 2015-09-12 14:53 - 00000000 ____D C:\FRST
2015-09-10 10:29 - 2015-09-11 12:01 - 02190848 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2015-09-10 10:26 - 2015-09-10 10:26 - 00050477 _____ C:\Users\Martin\Desktop\Defogger.exe
2015-09-10 10:26 - 2015-09-10 10:26 - 00000000 _____ C:\Users\Martin\defogger_reenable
2015-09-09 22:52 - 2015-09-09 23:49 - 00000000 ____D C:\Users\Martin\AppData\Local\NPE
2015-09-09 13:50 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 13:50 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 13:50 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 13:50 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 13:50 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 13:50 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 13:50 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 13:50 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 13:50 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 13:50 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 13:50 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 13:50 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 13:50 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:50 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:50 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:50 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:50 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:50 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:50 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:50 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:50 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:50 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 13:50 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 13:49 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 13:49 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 13:49 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 13:49 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 13:49 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 13:49 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:49 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:49 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:49 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:49 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:49 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:49 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:49 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:49 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:49 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:49 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:49 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 13:49 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:49 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:49 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:49 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:49 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:49 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:49 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:49 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:49 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 13:49 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 13:49 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 13:49 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 13:49 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 13:49 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 13:49 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 13:49 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 13:49 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 13:49 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 13:49 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 13:49 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 13:49 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 13:49 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 13:49 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 13:49 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-05 20:39 - 2015-09-05 20:39 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-25 11:36 - 2015-08-25 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-25 11:20 - 2015-08-27 15:42 - 00000000 ____D C:\Users\Martin\Desktop\Blühmischung Haselrain 2015
2015-08-22 14:16 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-22 14:16 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-22 14:16 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-22 14:16 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-22 14:16 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-22 14:16 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-22 14:16 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-22 14:16 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-22 14:15 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-22 14:15 - 2015-07-13 21:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-22 14:15 - 2015-07-10 21:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-08-22 14:15 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-22 14:01 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 14:01 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-22 13:49 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-22 13:49 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-22 13:49 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-22 13:49 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-22 13:49 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-22 13:49 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-22 13:49 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-22 13:49 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-22 13:49 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-22 13:49 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-22 13:49 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-22 13:49 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-22 13:48 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-22 13:48 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-22 13:48 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-22 13:48 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-22 13:48 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-22 13:48 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-22 13:48 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-22 13:47 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-22 13:47 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-22 13:47 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-22 13:47 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-22 13:47 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-22 13:47 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-22 13:47 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-22 13:47 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-22 13:47 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-22 13:47 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-22 13:47 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-22 13:47 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-13 12:06 - 2015-08-25 16:43 - 00000000 ____D C:\Users\Martin\Desktop\BA Präsentation
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-12 14:37 - 2015-07-15 14:26 - 00001256 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA.job
2015-09-12 14:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-12 12:00 - 2015-05-15 12:01 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-09-12 12:00 - 2015-05-15 12:01 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-09-12 11:50 - 2015-01-20 21:08 - 01539999 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-12 11:37 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-12 11:37 - 2014-11-21 04:45 - 00773008 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-12 11:37 - 2014-11-21 04:45 - 00162310 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-12 11:35 - 2014-03-21 17:29 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3515464670-2770779577-3274627398-1002
2015-09-11 11:42 - 2014-11-20 20:24 - 00094040 _____ C:\WINDOWS\PFRO.log
2015-09-11 11:42 - 2013-08-22 16:46 - 00355372 _____ C:\WINDOWS\setupact.log
2015-09-11 11:42 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-11 11:41 - 2014-06-02 18:13 - 00001118 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-09-11 11:27 - 2012-07-26 10:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-11 11:27 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\TAPI
2015-09-10 14:35 - 2015-01-21 11:45 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-10 14:35 - 2014-03-11 01:33 - 00232642 ____N C:\WINDOWS\Minidump\091015-68250-01.dmp
2015-09-10 10:37 - 2015-07-15 14:26 - 00001204 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core.job
2015-09-10 10:26 - 2015-01-20 21:15 - 00000000 ____D C:\Users\Martin
2015-09-09 23:47 - 2014-03-23 20:18 - 00000000 ____D C:\Program Files (x86)\Scoretec
2015-09-09 23:39 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-09 22:53 - 2014-03-21 19:13 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 14:31 - 2013-08-22 16:44 - 00483672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 14:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-09 14:29 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 14:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 14:01 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 13:55 - 2014-04-18 19:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 19:33 - 2014-07-01 16:17 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-09-08 16:49 - 2014-12-03 19:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-09-07 10:27 - 2015-08-03 17:32 - 00000000 ____D C:\Users\Martin\Desktop\KiBiWo 2015
2015-09-05 20:39 - 2014-07-18 18:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Dropbox
2015-09-05 20:14 - 2013-10-05 22:54 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-09-04 17:49 - 2014-03-11 02:05 - 00000000 ____D C:\Users\Martin\AppData\Local\Packages
2015-09-02 18:27 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Kürbisschilder
2015-09-02 18:12 - 2014-04-27 15:50 - 00011294 _____ C:\Users\Martin\Documents\Verkaufsliste.xlsx
2015-08-29 10:25 - 2014-04-27 15:59 - 00000000 ____D C:\Users\Martin\Desktop\KGR
2015-08-27 16:07 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Agrardieselvergütung
2015-08-27 10:50 - 2014-04-27 15:59 - 00000000 ____D C:\Users\Martin\Desktop\Kinderkirche
2015-08-26 18:37 - 2014-04-18 19:47 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-25 11:36 - 2014-12-03 19:22 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-25 11:36 - 2014-12-03 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-25 11:36 - 2014-12-03 19:21 - 00000000 ____D C:\ProgramData\Skype
2015-08-22 14:05 - 2014-05-20 11:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-22 14:05 - 2014-05-20 11:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-22 14:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-22 14:00 - 2014-05-20 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-22 13:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 13:51 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 11:44 - 2014-03-21 17:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-20 17:23 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Schnaps Etiketten
2015-08-20 10:28 - 2014-04-27 15:50 - 00000000 ____D C:\Users\Martin\Documents\Äcker und Wiesen
2015-08-19 19:13 - 2014-04-27 15:49 - 00000000 ____D C:\Users\Martin\Documents\Dokumentation von Pflanzenschutz
2015-08-14 15:07 - 2014-09-28 10:16 - 00000000 ____D C:\Users\Martin\AppData\Roaming\HpUpdate
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-04-18 19:36 - 2014-04-18 19:36 - 0000235 _____ () C:\Users\Martin\AppData\Roaming\devices.xml
2014-04-18 19:36 - 2014-04-18 19:36 - 0000012 _____ () C:\Users\Martin\AppData\Roaming\settings.xml
2015-09-11 19:29 - 2015-09-12 11:31 - 0000074 _____ () C:\Users\Martin\AppData\Roaming\sp_data.sys
2015-03-01 16:01 - 2015-03-01 16:01 - 0001461 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2014-09-28 10:14 - 2014-09-28 10:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-04-03 15:09 - 2015-04-03 15:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-18 18:59 - 2014-07-21 19:54 - 0000955 _____ () C:\ProgramData\hpzinstall.log
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\SetStretch.VBS
Einige Dateien in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-10 13:35
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
durchgeführt von Martin (2015-09-12 14:54:24)
Gestartet von C:\Users\Martin\Desktop
Windows 8.1 (X64) (2015-01-20 19:36:44)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3515464670-2770779577-3274627398-500 - Administrator - Disabled)
Gast (S-1-5-21-3515464670-2770779577-3274627398-501 - Limited - Disabled)
Martin (S-1-5-21-3515464670-2770779577-3274627398-1002 - Administrator - Enabled) => C:\Users\Martin
UpdatusUser (S-1-5-21-3515464670-2770779577-3274627398-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.2 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.5 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.31 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5520.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5520.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
AusweisApp2 (HKLM-x32\...\{1C785E05-CFC7-43BE-9A52-9FB39C180CB8}) (Version: 1.2.2 - Governikus GmbH & Co. KG)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 7.2.0 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
i-port.de Bestellsoftware (HKLM-x32\...\{B4244B8D-0D9C-4EB0-BDF3-03A2060E96A8}}_is1) (Version: 3.5.7.5 - Foto Online Service GmbH)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton 360 Online (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.16.614.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SigmaPlot 13.0 (HKLM-x32\...\{88B90FF3-D0D3-454A-AACE-9B026E2829E3}) (Version: 13.0 - Systat Software, Inc.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster)
Studie zur Verbesserung von HP Officejet Pro 8610 (HKLM\...\{C597CC7C-D465-4761-8516-274F3713FE85}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (07/16/2013 1.0.0.181) (HKLM\...\16D5A24C881B7CEE31FBA6DD5EC1C194C188F85A) (Version: 07/16/2013 1.0.0.181 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
25-07-2015 09:11:27 Windows Update
02-08-2015 16:32:20 Norton 360 Registry Clean
08-08-2015 10:31:12 Windows Update
22-08-2015 13:49:43 Windows Update
09-09-2015 13:50:19 Windows Update
11-09-2015 11:48:34 JRT Pre-Junkware Removal
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0D131646-A5B6-454C-971A-882CE4E00C8B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {158C4F9B-4D7F-4FDD-A95C-A76B7DA42A43} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {40A7D62C-5CB7-4581-A718-7946C23281FE} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {414353C2-75C7-4589-95DA-2201D2EC6CCA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {41FDFD20-DC8E-4263-B96A-A033ADF904D2} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {4316F57C-F1D6-41D1-8AB5-41CA9DA993F2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {4609E992-5058-4FE5-BC46-C59781E3FAAC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {476214CB-C268-4E55-A39D-951D6F185618} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {506915FB-00F1-4FB3-865E-FA1BD37788FC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {5EEFCB2D-EC58-446D-BBBD-9EE76B731A5C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-08-08] (AsusTek)
Task: {758EDA08-946B-42A3-9B92-7344EFBF5F05} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {83016F80-86D4-4FA4-9072-4A48BE46F1E8} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {8EEBD759-4DA4-4BEF-B46A-FC019794AE32} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {9F4ED208-CB89-46A3-BBD0-6D91F7D6B1D5} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {A54C85A3-480F-41E4-AAA9-89F9594A9E53} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {AEC33DD3-D455-42C2-9C40-C60D7AF59A0A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {B619E8E9-7D21-436F-9C7B-85B29F4C2A91} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-15] (Dropbox, Inc.)
Task: {BBFD86CC-AEF2-4341-B3CC-0420A8AFEECD} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {BD8526F5-7A39-4C04-BFC2-ACD114C5DB18} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {BEF3F9E0-2977-43D1-A730-07607EA5BE2F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {C2172E41-921E-4DB9-A45A-A91A0D04CAF8} - System32\Tasks\ASUS Vivokey => C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe [2013-08-23] (ASUSTek Computer Inc.)
Task: {C5314E75-AC88-4F4B-BDB6-2D319DEF4932} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11] (Realtek Semiconductor)
Task: {CE0C27F4-2FCB-4224-A851-9BD1D1327D56} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {D257DF6D-57BC-4886-8988-F80E5E861B54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D5EF0318-843C-4AC3-9C2B-21977C825E51} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-11] (Realtek Semiconductor)
Task: {E45FA079-0A84-4A35-864A-BC4CF4234544} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-09] (ASUSTek Computer Inc.)
Task: {EA889F9D-365D-40E3-A424-0D53B3B1F0AA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {EBCE125A-C414-4B68-BA39-3A958F33F225} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F0EAD2AE-6B34-4AD1-909C-B48CF1D887C5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {F2CB4B7A-9D1E-4752-8983-4BE0770C76D7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002Core.job => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3515464670-2770779577-3274627398-1002UA.job => C:\Users\Martin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-18 20:05 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-07-23 10:54 - 2013-07-23 10:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-04-24 17:09 - 2013-04-24 17:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-24 17:07 - 2013-04-24 17:07 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-24 17:12 - 2013-04-24 17:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-20 21:08 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-05 22:45 - 2013-08-08 14:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-12-10 08:13 - 2013-12-10 08:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-19 18:16 - 2013-08-19 18:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 11:03 - 2013-08-16 11:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\127.0.0.1 -> hxxp://127.0.0.1
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\ASUS\wallpapers\ASUS.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3515464670-2770779577-3274627398-1002\...\StartupApproved\Run: => "Dropbox Update"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{751F841B-9D64-4C50-A018-BE9CA092A5D4}] => (Allow) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{950877E4-82DD-4ED7-975E-2A7BB79C2351}] => (Allow) C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{85822F7D-18B7-4892-AF89-9B1B4698E078}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{10D9E59D-39F2-455B-90E9-E8BD360101B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3928848A-37F9-4D9C-A6B8-A6A885D8D78E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D2AC0B64-FA96-49B9-AE81-62AD4C0F9175}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{99AB5382-1059-45AC-AAEB-E32736E99DF9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1B753360-4F37-4FE7-91C8-7B951E0BB4DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C96BA0C-C228-4D5D-B2AF-C807599DC021}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C373356-43AD-42B1-A057-257449FA707E}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS5C4C\HPDiagnosticCoreUI.exe
FirewallRules: [{2ACD19DF-50FB-4126-9924-18106E745FD3}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS5C4C\HPDiagnosticCoreUI.exe
FirewallRules: [{A12D5A7A-548C-4D13-9750-5CE1C783ECAF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{B289DC0F-4830-432D-84A4-1A2541B4D1EB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{190175D6-97F1-45CD-87F5-DA52B8783708}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{2B43AB12-80FC-4488-B064-4072CC2ABF09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{B6617DA2-917E-4925-90A9-54EFFAF2C2EC}] => (Allow) LPort=5357
FirewallRules: [{18758A9E-399C-43A6-9BAE-6C5A8651EC9D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{38AB1BD2-8933-4AF1-AE25-F75BD4FAF664}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS68C6\HPDiagnosticCoreUI.exe
FirewallRules: [{5EFF3C30-5418-44BE-B752-DADF66A79672}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS68C6\HPDiagnosticCoreUI.exe
FirewallRules: [{9B209BC0-BE38-43A1-8798-A669D23B7168}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS693C\HPDiagnosticCoreUI.exe
FirewallRules: [{0E1DEA38-16FD-49FF-918F-54608336B1D0}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS693C\HPDiagnosticCoreUI.exe
FirewallRules: [{C99C6943-96E7-41FE-A3C3-721B5CD6B873}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS026A\HPDiagnosticCoreUI.exe
FirewallRules: [{D372B8AC-3B0C-4D7B-BF1C-B93378B8D281}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS026A\HPDiagnosticCoreUI.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.2.2\AusweisApp2.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/12/2015 02:41:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:53:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:53:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:53:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:36:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:36:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:36:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:36:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:35:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (09/12/2015 11:35:17 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain: CreateSharedMemory() failed.
Session ID = 2
Systemfehler:
=============
Error: (09/12/2015 11:40:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/12/2015 11:40:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Martin\AppData\Local\Temp\ehdrv.sys
Error: (09/12/2015 11:40:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/12/2015 11:40:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Martin\AppData\Local\Temp\ehdrv.sys
Error: (09/12/2015 11:40:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (09/12/2015 11:40:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Martin\AppData\Local\Temp\ehdrv.sys
Error: (09/12/2015 10:04:48 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (09/12/2015 10:04:48 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.
Error: (09/11/2015 11:50:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (09/11/2015 11:50:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (09/12/2015 02:41:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (09/12/2015 11:53:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
Error: (09/12/2015 11:53:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
Error: (09/12/2015 11:53:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\$Recycle.Bin\S-1-5-21-3515464670-2770779577-3274627398-1002\$RS89PDC.exe
Error: (09/12/2015 11:36:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
Error: (09/12/2015 11:36:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
Error: (09/12/2015 11:36:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
Error: (09/12/2015 11:36:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
Error: (09/12/2015 11:35:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Martin\Desktop\esetsmartinstaller_deu.exe
Error: (09/12/2015 11:35:17 AM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.Session ID = 2
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 8075.21 MB
Verfügbarer physikalischer RAM: 5778.08 MB
Summe virtueller Speicher: 16267.21 MB
Verfügbarer virtueller Speicher: 14079.32 MB
==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:372.16 GB) (Free:276.22 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:841.65 GB) NTFS
Drive g: () (Removable) (Total:29.8 GB) (Free:0.09 GB) FAT32
Drive h: (FLASH DRIVE) (Removable) (Total:3.72 GB) (Free:0.51 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 57788C0B)
Partition: GPT.
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: D6909034)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C5830A6C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)
==================== Ende von Addition.txt ============================
Kann ich jetzt davon ausgehen, dass alle Bedrohungen und so weiter von meinem Laptop weg sind und die ganzen Programme wieder löschen? Schon mal danke ... und sorry, aber habe von solchen Sachen wirklich wenig Ahnung Gruß, Martsch |
|
13.09.2015, 09:10
| #9 |
| /// the machine /// TB-Ausbilder | Links über Skype und Mails werden verschickt - aber nicht von mir Ja, alles gut Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung:Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.09.2015, 11:45
| #10 |
| | Links über Skype und Mails werden verschickt - aber nicht von mir Perfekt! Danke für Deine Hilfe und die Tipps Gruß, Martsch |
|
14.09.2015, 05:45
| #11 |
| /// the machine /// TB-Ausbilder | Links über Skype und Mails werden verschickt - aber nicht von mir Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Links über Skype und Mails werden verschickt - aber nicht von mir |
| adobe, computer, cpu, defender, dnsapi.dll, email account versendet spammails, error, explorer, firewall, installation, monitor, mozilla, office 365, officejet, onedrive, prozesse, realtek, registry, rundll, scan, services.exe, skype spam, software, svchost.exe, symantec, system, updates, virus, windows, winlogon.exe, wlan |
dann auf 
und dann auf 
. 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
